Learning to live with security bugs
Last week was not a good one for IT security. No sooner had Microsoft come clean about a buffer overflow vulnerability in Windows Server 2003 than Cisco had to fess up to an Internet Protocol version 4 packet problem on some of its routers.
Meanwhile, Gateway rolled out a new rev of its patch-notification process, and analysts tried to calculate how the time lost to emergency maintenance for patching indexed against the time that could be lost to attacks. And, in an ominous new development, the Gruel/Fakerr worm posed as a patch and as an anti-virus definitions update. Fortunately, the deceptive worm didn't hit too many machines, but it served as fair warning that nothing is safe anymore.
- News: Cisco flaw: fears ease (23 July 2003)
- News: Hackers attack Cisco flaw (21 July 2003)
- Press Release: Zone Labs Products Protect Against Latest Microsoft Vulnerability (18 July 2003)
- News: ISPs rush to fix Cisco flaw (17 July 2003)
- Vulnerability: Microsoft Windows Operating Systems Shell Buffer Overflow Vulnerability (17 July 2003)
- Advisory: Buffer Overrun In RPC Interface Could Allow Code Execution (17 July 2003)