Re: ISA Security Bulletin

• From: "Steven Sporen" <sporens@xxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 26 Jun 2002 08:34:07 +0200

Except if the patch breaks your server, so if you don't need it right
this moment because as stated it doesn't apply to your server - why be
the beta tester :) 


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: 26 June 2002 07:08
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Security Bulletin


http://www.ISAserver.org


Given that many (if not the vast majority) of users have admin rights on
their respective machines, patching IE across the board seems like a
good idea. I keep my ISA locked down and patched to the gills for two
reasons: 1. Anything the good guys can make, the bad guys can break.
Once a hole is discovered, you can bet your granny's panties that some
slimy script-kiddie is out looking for you. 2. MS doesn't release
security patches for no reason.  If someone can convince them that they
have a hole; they're very quick to plug it and any others lying nearby.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, June 25, 2002 8:16 PM
Subject: [isalist] ISA Security Bulletin


http://www.ISAserver.org


Hey Guys,

After reading this thoroughly I am a little confused as to the need to
patch.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/
bulletin/MS02-027.asp

Is this needed only if you are running proxy clients? Or are webservers
somehow vulnerable as well...

It seems like anyone who has admin access that views a webpage would
'enable' this vulnerability in the users security context.

I did not see any conversations here about it...

Did most people patch?

Thanks!




------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
sporens@xxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » ISA Security Bulletin
• » Re: ISA Security Bulletin
• » Re: ISA Security Bulletin
• » Re: ISA Security Bulletin
• » Re: ISA Security Bulletin
• » Re: ISA Security Bulletin
• » Re: ISA Security Bulletin
• » Re: ISA Security Bulletin

1. Home
2. isalist
3. Archive
4. 06-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---