Re: ISA Security Bulletin
- From: "John Tolmachoff" <isalist@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 26 Jun 2002 08:32:09 -0700
BTW, I installed the patch last week. No problemo.
:-)>
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, June 26, 2002 6:36 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Security Bulletin
http://www.ISAserver.org
Released security patches aren't beta code, so that analogy doesn't hold
water. ;-)
Also, how are you to know that it'll "break your server" until your
either
ask around (as you did) or install it.
MS is working extremely hard to minimize the "broken code" stigma that
has
plagued them for so long.
Security patches get tested as hard as they possibly can, given the
extremely short release timeframe.
The announcement has been updated; it does apply to ISA and is listed as
"Critical".
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Steven Sporen" <sporens@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, June 25, 2002 11:34 PM
Subject: [isalist] Re: ISA Security Bulletin
http://www.ISAserver.org
Except if the patch breaks your server, so if you don't need it right
this moment because as stated it doesn't apply to your server - why be
the beta tester :)
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 26 June 2002 07:08
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA Security Bulletin
http://www.ISAserver.org
Given that many (if not the vast majority) of users have admin rights on
their respective machines, patching IE across the board seems like a
good idea. I keep my ISA locked down and patched to the gills for two
reasons: 1. Anything the good guys can make, the bad guys can break.
Once a hole is discovered, you can bet your granny's panties that some
slimy script-kiddie is out looking for you. 2. MS doesn't release
security patches for no reason. If someone can convince them that they
have a hole; they're very quick to plug it and any others lying nearby.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, June 25, 2002 8:16 PM
Subject: [isalist] ISA Security Bulletin
http://www.ISAserver.org
Hey Guys,
After reading this thoroughly I am a little confused as to the need to
patch.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/
bulletin/MS02-027.asp
Is this needed only if you are running proxy clients? Or are webservers
somehow vulnerable as well...
It seems like anyone who has admin access that views a webpage would
'enable' this vulnerability in the users security context.
I did not see any conversations here about it...
Did most people patch?
Thanks!
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
sporens@xxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
