Educause Security Discussion mailing list archives
Re: Microsoft IIS security update ms08-006 looks critical to me
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Thu, 14 Feb 2008 10:09:39 -0700
Fwiw, we have a process every patch Tuesday that helps address risk. I won't bore you with all the details of our processes, but one thing we find very useful is the internet storm center assessment:

http://isc.sans.org/diary.html?storyid=3973

In particular, the client/server breakdown and the "known exploits" column are helpful in assessing risk. Since 08-006 doesn't have a public exploit yet, it doesn't fall into the most urgent category for us, which means we'll find a convenient time to patch our servers this week.

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College

-----Original Message-----
From: David Shettler [mailto:dshettle () HOLYCROSS EDU]
Sent: Tuesday, February 12, 2008 3:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Microsoft IIS security update ms08-006 looks critical to me

Given that the vector is not disclosed (never is), it could be such that the complexity of executing an exploit against said vulnerability is not conducive to automated propagation. Without knowing the full details it is difficult to judge.

Based on the information provided I agree with your position, however.

Dave Shettler
ITS, College of the Holy Cross
Lead Dev. OSVDB