BTW, I installed the patch last week. No problemo. :-)> John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, June 26, 2002 6:36 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA Security Bulletin http://www.ISAserver.org Released security patches aren't beta code, so that analogy doesn't hold water. ;-) Also, how are you to know that it'll "break your server" until your either ask around (as you did) or install it. MS is working extremely hard to minimize the "broken code" stigma that has plagued them for so long. Security patches get tested as hard as they possibly can, given the extremely short release timeframe. The announcement has been updated; it does apply to ISA and is listed as "Critical". Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Steven Sporen" <sporens@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, June 25, 2002 11:34 PM Subject: [isalist] Re: ISA Security Bulletin http://www.ISAserver.org Except if the patch breaks your server, so if you don't need it right this moment because as stated it doesn't apply to your server - why be the beta tester :) -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 26 June 2002 07:08 To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA Security Bulletin http://www.ISAserver.org Given that many (if not the vast majority) of users have admin rights on their respective machines, patching IE across the board seems like a good idea. I keep my ISA locked down and patched to the gills for two reasons: 1. Anything the good guys can make, the bad guys can break. Once a hole is discovered, you can bet your granny's panties that some slimy script-kiddie is out looking for you. 2. MS doesn't release security patches for no reason. If someone can convince them that they have a hole; they're very quick to plug it and any others lying nearby. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, June 25, 2002 8:16 PM Subject: [isalist] ISA Security Bulletin http://www.ISAserver.org Hey Guys, After reading this thoroughly I am a little confused as to the need to patch. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/ bulletin/MS02-027.asp Is this needed only if you are running proxy clients? Or are webservers somehow vulnerable as well... It seems like anyone who has admin access that views a webpage would 'enable' this vulnerability in the users security context. I did not see any conversations here about it... Did most people patch? Thanks! ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: sporens@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')