
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-06-15



Patch day fallout minor, Sun Java updates, and What to do about Windows NT?

Published: 2005-06-15
Last Updated: 2005-06-16 00:38:06 UTC
by William Stearns (Version: 1)
Problems reported as a result of Microsoft patch day were rare,
and generally minor. One person reported that web pages no longer allow
content to be loaded into another frame in IE. We had conflicting
results on whether program defaults were reset by the patch set; some
people found that they were, others said their choices were left as is.

Sun Java vulnerabilities



Sun Java implementations (J2SE 1.4.2*, 5.0, and 5.0 update 1,
and Java Web Start 5.0 and 5.0 update 1; Windows, Solaris, and Linux are
all affected) have vulnerabilities that "may allow an untrusted
application to elevate its privileges. For example an application may
grant itself permissions to read and write local files or execute local
applications that are accessible to the user running [the application or
applet]." J2SE 1.3.1_xx releases are not affected.

More details are available at:
,
,
, and
.

Many thanks to Peter Stendahl-Juvonen for bringing this to our
attention.

Windows NT



There's one thing that might be overlooked in the rush to patch
current Windows systems. Because Windows NT is unsupported (and Windows
2000's cutoff is rapidly approaching), you need to consider the effect
of leaving unpatched systems running. Many of the unpatchable
vulnerabilities are remote exploits of some form; as time goes on, older
OSes are increasingly vulnerable.

This is certainly not peculiar to Windows OSes. The above
applies to any operating system for which patches are not being created.



-- Handler on Duty,
