Re: Will 839645 disable this?
From: George Hester (hesterloli_at_hotmail.com)
Date: 10/02/04
- Next message: Johan: "FIXED! Big memoryleak, but TaskManager won't tell"
- Previous message: Pegasus \(MVP\): "Re: Resetting my computer to a previous state"
- In reply to: Lanwench [MVP - Exchange]: "Re: Will 839645 disable this?"
- Next in thread: Lanwench [MVP - Exchange]: "Re: Will 839645 disable this?"
- Reply: Lanwench [MVP - Exchange]: "Re: Will 839645 disable this?"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 2 Oct 2004 18:07:11 -0400
Lanwench, I appreciate your feedback. One thing you may not know. Although articles are relevant to Windows NT 4 and Windows 95, the technology that is in those systems still applies to Windows 2000. Windows 2000 is after all Windows NT 5. No, it is not in my benefit to install a security update in the off chance and likely remote chance that I will be affected by it.
Let me explain by an example. Many security updates are NOT remote exploits. Exploits that are there by a user who logs on locally to the system and not as anonymous. Since that never happens on my servers those exploits I am pretty much immune to. And the risk of installing the security fix is more than the risk that someone with sufficient credentials is going to log on locally to my servers. Might happen yes but not likely.
We need to consider our security fixes as what is called Risk Assessment. There is a whole school of thought devoted to that. It's a science in its own right. My application of it is probably not as it should be done but I am not going to ignore it. Again thanks for your feedback.
--
George Hester
__________________________________

"Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message news:unQEIFMqEHA.3592@TK2MSFTNGP14.phx.gbl...
> George Hester wrote:
> > Here is KB839645:
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;839645
> >
> > This fixes a security issue with the Windows Shell. There is no
> > workaround for it and so that means if I remove this security
> > vulnerability it is permanent. I don't really like doing that unless
> > I know the repercussions.
> >
> > On this page:
> >
> > http://www.microsoft.com/technet/security/bulletin/ms04-024.mspx
> >
> > we are directed to 839645 for a discussion of the known issues that
> > can result from installing this security fix. All the issues seem to
> > be specific to Windows XP and 2003. That's good for Windows 2000.
> > But let's investigate further.
> >
> > Since 839645 says that it applies to Windows 2000 and there is no
> > mention of Windows 2000 in the body of the article, we again are left
> > in a quandary as to exactly how this fix can affect Windows 2000. To
> > that end we must return to ms04-024.mspx link above and check out:
> Affected software:
>
> ...
>
> Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack
> 3, Microsoft Windows 2000 Service Pack 4"
>
> and....
>
> Known issues
> 871242 After you install security update 839645, you may again experience
> symptoms that were fixed by hotfix 830411 for Windows XP Service Pack 1
>
> 871262 Shortcuts on the desktop do not work after you install security
> update 839645 in Windows NT 4.0
>
> So they don't mention any *known* issues installing this on W2k.
>
> >
> > FAQ for Windows Shell Vulnerability. In this it says:
> >
> > What does the update do?
> > The update removes the ability to use a CLSID as a file type within
> > Windows Shell
> >
> > So I am assuming this is what this update does to Windows 2000.
>
> Yes, it's what it does for all the OSes you install it on.
>
> > That's all well and good but exactly what does that mean? Well
> > googling we find this:
> >
> > http://www.microsoft.com/msj/archive/S332.aspx
>
> What did you google for? That's an old article about WinNT4 and Win95. Dated
> from 1996. How is it relevant? Are you using NT4, and if so, did you make
> the listed registry & .ini changes in it?
>
> > an old article. I am assuming that if we install this Shell security
> > fix then that article becomes null and void. In other words the
> > Shell security fix will result in that article no longer working.
>
> Sometimes it takes a while for MS to update KBs - and sometimes they seem to
> forget to. And this wasn't a KB article....but again, is it even relevant to
> your server(s)?
>
> > And if so that seems not such a bright idea.
> > The fact that this is a remote exploit makes this issue more
> > disturbing but again I need to consider the likelihood of running
> > into such a remote exploit versus the implications of installing the
> > security update.
> >
> > What's the opinion of the experts here? Thanks.
>
> Install it. Take backups first. You need to keep on top of your updates.