Security Basics mailing list archives

Re: Re: MS08-030 - Critical (if you do not run bluetooth?)
From: ad33lh () gmail com
Date: Fri, 3 Apr 2009 12:56:12 -0600


Your key concern is the current state and ease of support.  From this point of view the downside of patching is the 
testing and implementation time/resources.  Quite small unless you find an issue (which could then be used to justify 
not implementing the patch).  The upside would be that you are safer in cases where the purpose of the box changes or 
someone or something introduces vulnerable components.  Another consideration is that many service contracts include 
statements to the effect that the box must be at the current patch level - so no patching could negatively affect or 
negate the service provided to you.  I have personally experienced where a vendor support team would not continue to 
troubleshoot an issue until a patch had been installed and the problem verified as still there.

The best course of action would seem to be to patch and remove a known vulnerability.

