Any update on if this patch breaks anything? I have been advised by my security monitoring service to get this updated ASAP.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Schneider, Chad M
Sent: August 9, 2006 7:40 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: New Critical MS Fix MS06-040 ?!?!

We received the e-mail of this patch late yesterday....got a voice mail an hour later, and another follow-up this AM....this one is getting more attention from M$ than I can ever recall. They asked that we make every effort to get installed in the next 72 hours.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Pardee
Sent: Wednesday, August 09, 2006 7:00 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: New Critical MS Fix MS06-040 ?!?!

I just received an email from our MS rep asking us if we had tested this, what the reasons were if we hadn't, and when we plan on rolling it out. They consider this a Level 3 patch and said it is extremely critical. We'll focus more on our Internet accessible nodes first (none are TS) but will start the testing with it internally over time. This is the first I've ever had our TAM contact us with questions over why we wouldn't just deploy it.

> From: Steve Greenberg <steveg@xxxxxxxxxxxxxx>
> Reply-To: <thin@xxxxxxxxxxxxx>
> Date: Wed, 9 Aug 2006 00:31:20 -0700
> To: <thin@xxxxxxxxxxxxx>
> Subject: [THIN] Re: New Critical MS Fix MS06-040 ?!?!
>
> As usual, this is a case where patience and logic do not rule :-) The
> client is already in the process of applying the patch to well over a hundred
> non-TS systems. It is the TS systems that we have some influence on and are
> being requested to come back with field reports. So far on in-house test
> system, no problems.
>
> These are situations in which the client is being "ordered" to go ahead and
> install the patches. Your explanation is perfect, but the bottom line is
> that they are going to have to go ahead and do this, I am just hoping
> someone else has jumped first and can tell us what the bottom of the cliff
> looks like!
>
> Steve Greenberg
> Thin Client Computing
> 34522 N. Scottsdale Rd D8453
> Scottsdale, AZ 85262
> (602) 432-8649
> www.thinclient.net
> steveg@xxxxxxxxxxxxxx
>
> _____
>
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Mack
> Sent: Tuesday, August 08, 2006 11:36 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: New Critical MS Fix MS06-040 ?!?!
>
> Hi Steve,
>
> Patching the server service on file/print backend servers and TS is kind of
> scary considering the things that could break.
>
> I'm fairly pragmatic about this sort of thing because at the end of the day,
> it's all about risk management.
>
> I wouldn't disregard a critical update on my internet exposed systems but
> production TS is a different story.
>
> Taking past experience into account, in an adequately secured internal
> network, the Microsoft security hotfixes have caused more system outages
> than any exploits.
>
> Any internet-exposed systems should have the server service disabled as a
> matter of course, in addition to appropriate firewall filtering etc.
> Educational environments with TS/Citrix should be using internal firewalls
> to limit exposure to ICA/http only.
>
> It's a question of what's a bigger risk, a known exploit with defined
> work-arounds or an unknown failure due to inadequate regression testing in
> the fix?
>
> If potential buffer overflow vulnerabilities in the server service were the
> only vulnerabilities in the average internal network, we'd be pretty darn
> secure.
>
> My recommendation is don't be panicked into installing this hotfix in
> production. Test it in a development environment, if that's okay install on
> a single production server. If nothing has broken after a couple of weeks
> and nobody else is hurting, then patch your production systems.
>
> I'll let you know what it breaks in a month's time ;-)
>
> regards,
>
> Rick
>
> Ulrich Mack
> Volante Systems
>
> _____
>
> From: thin-bounce@xxxxxxxxxxxxx on behalf of Steve Greenberg
> Sent: Wed 9/08/2006 16:04
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] New Critical MS Fix MS06-040 ?!?!
>
> Does anyone have experience yet with this new critical patch in production
> 2003/PS4 environments?
>
> <http://www.microsoft.com/technet/security/Bulletin/ms06-040.mspx>
>
> We have customers who are asking for any available feedback on the effect of
> installing this new critical fix as they are being required to deploy it
> right away in production!!!
>
> Any experience? Any gotchas??
>
> thanks
>
> Steve Greenberg
> Thin Client Computing
> 34522 N. Scottsdale Rd D8453
> Scottsdale, AZ 85262
> (602) 432-8649
> www.thinclient.net
> steveg@xxxxxxxxxxxxxx
>
> #####################################################################################
>
> This e-mail, including all attachments, may be confidential or privileged.
> Confidentiality or privilege is not waived or lost because this e-mail has
> been sent to you in error. If you are not the intended recipient any use,
> disclosure or copying of this e-mail is prohibited. If you have received it
> in error please notify the sender immediately by reply e-mail and destroy
> all copies of this e-mail and any attachments. All liability for direct and
> indirect loss arising from this e-mail and any attachments is hereby
> disclaimed to the extent permitted by law.
> #####################################################################################

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************

This communication is intended for the use of the recipient to which it is addressed, and may contain confidential, personal and or privileged information. Please contact us immediately if you are not the intended recipient. Do not copy, distribute or take action relying on it. Any communication received in error, or subsequent reply, should be deleted or destroyed.