>>you do realize that you are writing for the "Enterprise News & Reviews" magazine, eWeek - right?
Yeah. Online we get a little leeway on such things, and anyway it's beside the point of that statement, which was that none of the current attacks will directly infect Windows XP systems, including consumer systems, and therefore will not linger there. To illustrate the point, it's a long time now since the RPC/DCOM bug was patched and still there are lots of infected systems out there spitting Blaster at the world; how many do you think are in Fortune 500 companies as opposed to consumer systems?

>>You also realize that MS05-039 affects the current "consumer" version of Microsoft Windows (aka Windows XP) - right?
The vulnerability does, but not any (to my knowledge, as of 12:something on Wednesday) of the exploits. It affects Windows XP differently than it does Windows 2000; with Windows XP SP1 it requires an authenticated user, with SP2 it requires an authenticated user with "log on locally" rights. This means that the worm will have to add something like a dictionary attack to look for weak user/password combinations.

I don't disagree with what you say about security practices and the need to patch quickly. This attack came on very quickly and I think it reveals more about bad general security practices than slow patching practices.

>>Any vulnerability that would allow for remote code execution and elevation of privilege should be treated as a top priority, from both internal and external attack vectors.
It's clear that large companies won't patch immediately without some testing, and I can respect that. The answer isn't that they should shut up and patch, it's that they should have effective layered security practices in place that would mitigate attacks such as this even without the patches. I shouldn't be surprised that there is so much bad security out in Fortune 500-land, but the answer to it is not to patch next-day.
And I still think that the overall scale of this attack was exaggerated because it was media that was hit, and that the worm doesn't have long-term legs.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
