Results 1 to 2 of 2
  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington

    9 MS patches for August

    The usual scenario.........there are 9 security updates of which 6 are expected to be critical.

    Apparently August is a bad month because it is a time when a lot of IT professionals are on vacation and it is popular with the bad guys for this reason.

    They are generally pretty quick to reverse engineer the patches and develop live exploits



  2. #2
    Senior Member
    Join Date
    Jan 2003
    Hey Hey,

    Given the new Advanced Notification bulletins that Microsoft has, you can now make a fairly decent call on what the vulnerabilities will be... Most of this months will only be considered "remote code execution" (as Microsoft likes to use) because of the possibility of Web Based, User Interaction Required attacks.... Technically there's the potential for 3 truly remote attacks if you go by the MSRC write-up and 2 if you go by the Advanced Notification bulletin (since they are new they still tend to have the occasional mistake, so we'll see who is right)... And 1 of those (either way) is Vista only and would be fairly minor..

    Last month actually saw 3 "technically remote" attacks and none of them were serious... Only one showed real potential and after a while even it proved to only be reliable as a DoS. While no module was released for Metasploit, they couldn't take it beyond the DoS condition either...

    Even with the ability to reverse the patches, we've only seen one or two, truly good, "wormable" exploits in the past year (wormable without requiring user interaction) and neither of them were taken advantage of....

    While I'm looking forward to a long day on Tuesday... I don't think it will be as bad as it could be (although I'm sure that will come back to kick my ass).
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Similar Threads

  1. SuSE releases critical patches
    By SDK in forum *nix Security Discussions
    Replies: 4
    Last Post: February 7th, 2005, 10:33 PM
  2. Hackers exploit Windows patches
    By MrLinus in forum Microsoft Security Discussions
    Replies: 5
    Last Post: February 27th, 2004, 12:14 AM
  3. Software patches don't work.
    By mayhem991 in forum AntiOnline's General Chit Chat
    Replies: 0
    Last Post: February 1st, 2003, 01:12 AM
  4. MS patches insecurity trio
    By prodikal in forum AntiOnline's General Chit Chat
    Replies: 0
    Last Post: October 20th, 2002, 01:41 PM
  5. Article: Security patches for Linux kernel.
    By micael in forum *nix Security Discussions
    Replies: 0
    Last Post: March 7th, 2002, 07:01 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts