RE: Impressions - April Microsoft Patches
- To: "Patch Management Mailing List" <[EMAIL PROTECTED]>
- Subject: RE: Impressions - April Microsoft Patches
- From: Jon Pitts <[EMAIL PROTECTED]>
- Date: Tue, 13 Apr 2004 22:53:39 -0600
- In-reply-to: <[EMAIL PROTECTED]>
- References: <[EMAIL PROTECTED]>
- Reply-to: "Patch Management Mailing List" <[EMAIL PROTECTED]>
I wonder if anyone would like to comment on this analysis of the Witty Worm
outbreak by CAIDA.
http://www.caida.org/analysis/security/witty/
The part that got my attention was "The patch model for Internet security has
failed spectacularly". These folks at CAIDA are no chumps; however, the study
was sponsored in part by Cisco (the makers of NAS). Anyway, it says..
"The vulnerable host population pool for the Witty worm was quite different
from that of previous virulent worms....In contrast, the Witty worm infected a
population of hosts that were proactive about security -- they were running
firewall software. The Witty worm also started to spread the day after
information about the exploit and the software upgrades to fix the bug were
available"
and goes on to say..
.."Witty was the first widespread Internet worm to attack a security
product. .. the fact that all victims were compromised via their firewall
software the day after a vulnerability in that software was publicized
indicates that the security model in which end-users apply patches to plug
security holes is not viable"...
..."The patch model for Internet security has failed spectacularly"...
Don't shoot the mailman. CAIDA is addressing the Internet at large, and is
recognizing home/end users. I was wondering if there are any big plans for the
future of Patch Management as an Internet security solution in light of Zero
Day attacks, Network device attacks, and End User weaknesses.
thanks
jon
Quoting Kerry Steele <[EMAIL PROTECTED]>:
With exploit code surfacing the same day, it would be nice to have some
form of advanced warning about possible mitigation techniques ahead of
time (if any). Seems like a repeat of the lack of timely information
similar to MS04-007.
What good is a patch management tool when the vendors don't release
patches for 6-9 months, by which time the security researchers are ready
to pull the trigger on their PoC exploit code?
Good configuration management, user mgmt/education, and good
old-fashioned system hardening/lockdown techniques must always accompany
a PM solution.
With the release of these particular patches, I sympathize for the folks
that don't have a good PM program in place already.
Cheers,
Kerry Steele
________________________________
From: Paul Nelson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 13, 2004 4:38 PM
To: Patch Management Mailing List
Subject: Impressions - April Microsoft Patches
Although I am applauding Microsoft for making some more efficient moves
in patch releases to save admins from running around and screaming all
of the time, this seems like a lot of holes to cover at once.
What is everyone's reaction to the seriousness of these? With more
vulnerabilities against domain controllers, ASN.1, and RPC services for
example, we are facing a very difficult time to keep from being
exploited. I'm just concerned about the testing I need to do prior to
rollout of these....it needs to be pretty extensive due to the impact.
(even with extensive patch management tools in place)
I'm not complaining as I'm glad that these have all been identified, but
it comes as a surprise to see this many issues that were all released
today.
I'm interested in seeing other viewpoints and opinions.....
Paul Nelson
Network Specialist
Medical College of Ohio
(419) 383-3638
[EMAIL PROTECTED]
---
To unsubscribe send a blank email to
[EMAIL PROTECTED]