You didn't read my words did you? Microsoft is saying evaluate. Things that don't require user interaction should absolutly be a priority. Other things may have mitigations in your environment in place already or because of the specificty of the configurations affected may not apply to you.
So, have I read his book? No. Nor is it really a sole justification to panic. The answer is evaluate the advisories relative to your environment. That seems something most people could agree to but appearently not. On Tue, Oct 18, 2011 at 10:20 AM, Rod Trent <[email protected]> wrote: > If you read Russinovich’s “Zero Day” book, you’ll want to panic. Of > course, since he works for Microsoft, maybe they’ll want him to revise it. > **** > > ** ** > > *From:* Steven Peck [mailto:[email protected]] > *Sent:* Tuesday, October 18, 2011 1:11 PM > > *To:* NT System Admin Issues > *Subject:* Re: Zero-day bugs overrated, Microsoft says**** > > ** ** > > So you are saying panic? If you are the target of a specially crafted > phishing attack just for you, you have a lot more problems then a specific > patch.**** > > On Tue, Oct 18, 2011 at 9:58 AM, Kennedy, Jim < > [email protected]> wrote:**** > > I think you have to include how big a target you might be. Zero day’s can > be pretty effective in a spear phishing attack. So if you are someone that > might be more of a target zero days become more of an issue.**** > > **** > > *From:* Steven Peck [mailto:[email protected]] > *Sent:* Tuesday, October 18, 2011 12:57 PM**** > > > *To:* NT System Admin Issues**** > > *Subject:* Re: Zero-day bugs overrated, Microsoft says**** > > **** > > Sounds like it.**** > > To be honest, I believe that MS has a point. They aren't saying they are > not important, they are saying to not panic. You need to asses the > information for each one.**** > > Zero day threat - **** > > 1. RDP will hit your system remotely and blow it up - you should probably > do something about this one sooner.**** > > 2. Customer must have ie7 (unpatched), word 2003, flash, and open a > specially crafted email package that got through your mail system filters - > well, maybe you don't have to panic and schedule an immediate change**** > > > > **** > > On Tue, Oct 18, 2011 at 9:50 AM, Jonathan Link <[email protected]> > wrote:**** > > So, bascially, I could've learned the same thing from Hitchhiker's Guide to > the Galaxy.**** > > **** > > On Tue, Oct 18, 2011 at 12:44 PM, Andrew S. Baker <[email protected]> > wrote:**** > > I think that the title of the article does not do that actual article > content justice. > **** > > *ASB***** > > *http://XeeMe.com/AndrewBaker***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > ** ** > > On Tue, Oct 18, 2011 at 11:18 AM, David Lum <[email protected]> wrote:*** > * > > Thoughts? > > http://www.computerworld.com/s/article/9220705/Zero_day_bugs_overrated_Microsoft_says?taxonomyId=85 > **** > > *David Lum* **** > > Systems Engineer // NWEATM > Office 503.548.5229 //* *Cell (voice/text) 503.267.9764**** > > **** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
