August 27th, 2003 by Daniele Muscetta
I have been quite busy at work.
There is a lot to do…
…this guy up here in this post I quote, has really got the same idea as I do.
http://lists.netsys.com/pipermail/full-disclosure/2003-August/009153.html
I am in a position where I need to make people aware in a large organisation where I work… They need to understand WHICH are the risks out there going on at the moment and WHY should we take some technical steps to address those issues… and it DOES take time.
Before you're allowed to install a patch, change whatever, you need and have to be "in synch" with the other colleagues, of the same and other departments.
They need to understand and prioritize with the other activities.
Loads of people screaming at us, stupid admins who don't patch, and bla bla…
Well, my machines at home ARE patched in time, and I even rely on automatic systems with some of them. On the other hand, in a big company this isn't simply possible or desiderable to have.
It's the truth.
You need a more controlled/throughly-tested environment/configuration and you simply can't rely on fast and automatic patching.
Some other people should stop shouting against we lazy admins…
Posted in category: General
Tags:
Trackback | No Comments »
August 7th, 2003 by Daniele Muscetta
Microsoft fixing another faulty patch
http://www.computerworld.com/printthis/2003/0,4814,83584,00.html
…we all have read about Microsoft releasing a patch that gave some people trouble with RRAS Services.
I have instead being the lucky guy who's got another – similar – problem with it: on a machine with Microsoft Proxy Server 2.0 running into IIS3, the "Web Proxy" service would not start.
The "World Wide Web Publishing Service" starts, but from Internet service manager the "Web Proxy" module appears as Not Running.
I looked at the property of the WWW Service in Internet Service Manager, where the field "User" (for Anonymous Authentication) is indeed EMPTY, instead of containing the usual IUSR_SERVERNAME.
But, funny enough, the value with the correct user name IS in the registry (HKLM/System/CurrentControlSet/Services/W3SVC/Parameters ….). It's still IIS3, then it is in the registry, it does not have a metabase. But is DOES not get read !!
Uninstalling the patch, the service works again, and the user is correctly displayed.
I KNOW that the vulnerability is considered "Moderate" since no native service can expose it remotely.
On the other hand, on the very same machine a third-party SMTP Virus-Scanning product is also installed, which MIGHT make use of the "dangerous" API, and expose the flaw remotely…. very remote possibility, but still I like to have my systems patched…. maybe a maliciously crafted mail could trigger the vulnerability (?worst case scenario?), like in a bug of sendmail of some time ago…..
And this was the bad new.
The GOOD new is that Microsoft supplied me the hotfix they released for the RRAS issue, and it also fixes this problem.
I am one week late, but my system is patched.
Digression:
The hotfix in question is numbered Q825501 – I wonder how one is supposed to REMEBER all of these numbers… which relation does it have with the original "823803" ?… which again is referred to security bullettin MS03-029…
But OK, the issue was the fix, and the fix works. That's important.
Posted in category: Microsoft, Security
Tags: Windows
Trackback | No Comments »
