[Full-disclosure] Re: It's not that simple...
- To: Micheal Espinola Jr <michealespinola@xxxxxxxxx>
- Subject: [Full-disclosure] Re: It's not that simple...
- From: Florian Weimer <fw@xxxxxxxxxxxxx>
- Date: Wed, 17 Aug 2005 22:59:06 +0200

* Micheal Espinola, Jr.:

> PnP is not a show stopper when it comes to patch compatibility testing
> - especially considering the fact that the exploit allows for remote
> code execution and elevation of privilege. Perhaps certain people
> need to learn or take a refresher course of what that exactly implies.

It doesn't exactly help that Microsoft puts random unrelated crap into
security updates and not just the fix. This means that you have to
perform full regression tests even if something is patched that isn't
actually used on your systems.

> And I'd say it is just that simple when you consider the fact that San
> Diego County waited to install the patch *the night after* they got
> hit by the worm. *That's* why organizations like San Diego County,
> with ~12,000 Win2k hosts, were bitten so badly.

Doesn't the exploit code need a null session? This leads to the
question why people have 12,000 Windows boxes, 2000 or not, on their
network, many of them offering null sessions. Especially since
disabling null sessions makes tons of other exploits (which use the
leaked data for guessing administrator passwords, for example) quite a
bit harder. It's actually rather surprising that they had no previous
botnet experience with such a setup. Maybe they just didn't notice.