Does supplying patches really work?

  1. #1
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792

    Does supplying patches really work?

    Anyone else find this interesting?

    From Sans Handler's Diary December 11th 2005
    Core Security Technologies has an excellent article on this subject and RPC Vulnerabilities.
    One highlight from this article is that the "patches for these vulnerabilities ..... effectively
    fix the problem(s)" with the vulnerabilities used in the discussion. All of the vulnerabilities
    are more than 18 months old; these fixes have been out for some time, giving lots
    of time for admins to perform testing and loading of said patches.
    Then, to accentuate this, when viewing the front page of
    SANS Internet Storm Center you see something like

    Over the last hour, 42 % of the visitors to this site were vulnerable to the
    Internet Explorer 0-day exploit. (result based on browser version and
    javascript enabled)
    ( see AO thread New 0-Day Exploit - SANS Internet Storm Center
    for initial discussion of the exploit. )

    Now, who else besides security minded individuals visit this site?

    So why is that percentage so high?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  2. #2
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    could it be proof that NO ONE is immune to attacks of PC stupidity

    people in glass houses ..........
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'm not really sure what SANS is trying to get at here..

    The Core article is unrelated to what they said "seems to be the eEye vuln"... That vuln was disclosed by MS only 2 months ago... Depending on the environment you're in, 2 months may not be enough time to test and deploy patches for some of your machines... but then again a lot of people are just lazy... It still doesn't explain the 18 months that they mention... the exploit in the Core article is 18 months old (as is the article)... but that seems to come out of nowhere...

    Also I've posted an article on here... and there's been some discussion across DailyDave (which is where I first found it)... about new RPC vulns that are rearing their head and are unpatched... This could be what they're seeing floating round... not the old stuff..

    As for the window() vuln... There's no patch for it.... that explains why people are vuln. Also there's no accounting for 3rd party software that may be interacting... They simply look at your browser and if javascript is enabled... there could be other factors involved.... but the simple fact is that there's no patch... so it sort of defeats your topic :P

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    So why is that percentage so high?
    Because there is no patch for that vulnerability and people are still using IE?

    Actually... A lot of the time, I have Firefox's user agent set to IE6 because some pages refuse to serve pages to you if you're not using IE. But... I do use the noscript extension. So, since they're just going by the user agent and if JS is enabled... their statistics may not be correct.

    I use Firefox and IE interchangeably...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Also I've posted an article on here... and there's been some discussion across DailyDave (which is where I first found it)... about new RPC vulns that are rearing their head and are unpatched... This could be what they're seeing floating round... not the old stuff..
    Yes, quite possible. We will have to wait and see.

    As for the window() vuln... There's no patch for it.... that explains why people are vuln.
    Does this mean that because there is no patch that we just ignore it until there is one?
    There are work around solutions.

    Remember, this was found weeks ago, these are security minded people visiting the site.

    And yes, the percentage may be off for reasons such as phisy said, but can't be that far off.

    Hopefully there will be a way for them to tell if the IE patch was applied by visitors ( patch due tomorrow ?? ).
    It would be interesting ( revealing? ) to see how long those numbers stay high.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  6. #6
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    Possibly it's so high because you're on a corporate system.

    I reported this weakness to our IST dept, logged it as a system weakness (as per our ISMS) and the mitigation is being investigated.

    As far as the org is concerned if the mitigating action will interfere with internal applications we'll probably just accept the risk and wait on the patch.

    Switching everyone to FF isn't being considered.

    Lots of visitors will be in that boat I would imagine.

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by Aspman
    Possibly it's so high because you're on a corporate system.

    I reported this weakness to our IST dept, logged it as a system weakness (as per our ISMS) and the mitigation is being investigated.

    As far as the org is concerned if the mitigating action will interfere with internal applications we'll probably just accept the risk and wait on the patch.

    Switching everyone to FF isn't being considered.

    Lots of visitors will be in that boat I would imagine.
    Hey Hey,

    I could see that happening.... Especially with the number of places that have OWA in use.... The difference between OWA2003 is huge between Internet Explorer and Firefox. I've seen Firefox turned away a number of times because it makes it "more difficult" for corporate users to access OWA... and no one (non-IT) wants two browsers... that's just a pain.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
