Slashdot Mirror
Microsoft to Release 6 Security Updates Next Week
An anonymous reader wrote in with an article that leads: "Microsoft will release six groups of security patches next week, including three critical updates for Windows and Excel users. The critical updates will fix bugs in many different versions of Microsoft's products including the latest versions of Excel, Windows XP, Vista and Windows Server 2003, Microsoft said."
If that is how it works in your org. Then they should start using WSUS or learn how to use it properly.
Whos at fault? Your company. They are not using WSUS (http://technet.microsoft.com/en-us/wsus/default.a spx) or something similar. The technology is there, don't blame MS.
Not the sharpest tool in the box.
I.O.U One Sig.
"the typical setup of X machines being shoehorned into 1 IP doesn't have a single benefit"
If that were true then it wouldn't be done. If it weren't being done then everyone in an office would need their own public IP to connect to the net? It's a benefit to be able to firewall traffic at one point rather than doing the same checks on every machine as well.
which is totally what she said
NAT doesn't stop people sending data back it just stops people directly coming in. Since they can get out they can tunnel a way back in or sit on an IRC server or similar system and wait for commands. There are also techniques like STUN that trick a NAT system into opening a port without actually realising it. Even though you have a hard time getting things to work, people have already thought of this and have no issues working around things ;)
I always wondered where this setting was...
Just because a PC has a public IP doesn't mean you don't need a firewall or router. It doesn't mean you'd be doing all your firewalling on the individual PCs. You'd still route your traffic through a central box and do your checks there instead of on every machine.
I'm not going to say NAT is completely bad all the time. It's a handy little hack. But that's exactly what it is - a hack to keep IPv4 alive. And doing away with NAT would eliminate a lot of headaches that cramming dozens of PCs into one public IP address has created. Of course...we'd get other headaches in exchange... But nothing is perfect.
"Work is the curse of the drinking classes." -Oscar Wilde
Your large company has idiots for IT then. There's no reason not to use WSUS, then you have one server downloading from the internet, and clients pulling from that (or another interal downstream server). And you set it to do so at 3AM when no one is around.
Imagine all your PC's have their own IP address. (Scenario more likely if you have IPV6). You can put a firewall where your NAT used to be, have all the advantages of NAT and none of the disadvantages. NAT is an ugly hack which, by pure coincidence, turns out to have some firewall-ish features.
10 ?"Hello World" life was simple then
Stop the BITS and Automatic Updates services and then delete (or rename) C:\Windows\SoftwareDistribution. Then restart the BITS and Automatic Updates services.
Script: You should also apply these updates if you haven't before:
http://support.microsoft.com/kb/927891
Installing the WUA 3.0 with the
The road to tyranny has always been paved with claims of necessity.
We have a fairly strong infrastructure of MATLAB, Excel, SQL, and Access (all working together) for handling incoming data, processing it, creating easy to read and edit reports with pretty charts for the CEO types, and finally storing it and analyzing it for future access.
We typically receive the data in Excel and do some basic transformations into Access (rarely do our clients understand Access) where we can do some of the simpler SQL stuff (not everyone here understands SQL) and push the main data into SQL. From here, Matlab can pull the data out in the formats it needs, run some calculations, and spit out pretty results to Excel that can be sent directly to our clients for review -- charts and all.
I can imagine dozens of ways to use Excel to compromise a system, but the important thing here is that idiots shouldn't open and run macros in Excel if they don't know what they do, or where they come from. Excel is the winning spreadsheet for us because we can do absolutely anything in it -- from simple optimization algorithms, to a piece in a larger application.
If some of you Microsoft haters actually understood some of the power within the Office group (interop is wonderful) then you might not hate it quite so much.
... The only Vista bug that I can see in this bulletin is "Moderate", not "Critical". That's because there are multiple levels of protection, kinda like those in OpenBSD and SELinux. Remember, NSA had a say in Vista's design. There is Mandatory Integrity Control (something not widely known, I believe it's separate from UAC and is mostly under-the-hood stuff), Address Space Randomization, buffer guards, low-integrity for IE, reduced privileges for services, nothing can escalate without an in-your-face irritating UAC (Union Aerospace Corporation, anyone?) prompt, and of course, lots of pixie dust I can't talk about. So in case there's a buffer overflow (take the ANI bug for instance) - there are a few layers of mitigation that seem almost unbreakable *AT THIS TIME*. I'm yet to read news about a pwned Vista box. I'm sure it's possible that some clever guy somewhere will write an exploit that dodges all that stuff, but it obviously is taking much, much longer than with any other OS, except, of course, for OpenBSD (kudos there) :) . Of course there will be bugs in legacy code that are still there. But layered security and systematic elimination of bugs work.
Microsoft *did* hire some of the best security experts available lately. And I can say it shows. At least now I feel not very scared to use IE when I have to.
Then of course, everyone loves "Free Games!!!11eleven", mushy-mushy desktop pets, free trial CDs, free money from your late uncle from central Boozemania or whatever. If your user account gets pwned, and your user has access inside the network of your company, you're toast no matter what OS you run.