[thelist] New Critical Security Patch for Windows....
Anthony Baratta
anthony at baratta.com
Wed Feb 11 10:48:34 CST 2004
At 05:01 AM 2/11/2004, Eveline wrote:
>I don't know if you have heard, but Microsoft already knew about this
>issue, 6 months ago.... The
>security company which discovered the problem, had to promise Microsoft
>not to go public with this
>until they had a solution.....
>
>Nice practises, isn't it......
Yup - read that.
Such a delay just makes it even more important to patch immediately. If
someone found the hole 6 months ago and you take into consideration the
number of people pounding on the OS looking for hole - someone (or several
someone's) are bound to discover the hole independently and they might not
be working for the good guys.
There are real zero-day* exploits floating around out there, if you
own/manager/admin a server no matter what the OS you have to keep up with
the patches. And keep an ear to the ground on non-public security holes.
Of course you also need to practice safe hex and minimize the access points
in your machine by turning off all non-essential services.
* A Zero-Day exploit is an unknown/non-public security hole that is being
used by crackers to gain access to machines.
http://netsecurity.about.com/library/weekly/aa031903a.htm
---
Anthony Baratta
President
Keyboard Jockeys
"Conformity is the refuge of the unimaginative."
More information about the thelist
mailing list