Full Disclosure mailing list archives

Re: Re: Microsoft Security, baby steps ?
From: "Daniele Muscetta" <daniele () muscetta com>
Date: Wed, 17 Mar 2004 10:00:47 +0100 (CET)

Geoincidents said:

Come on Microsoft. How about putting together a single file that
contains all the "critical" security updates since the last service
pack for a given OS?

I'm with you, this is nuts:

to secure 2000 without using the network and windowsupdate:

install 2000
sp4
Windows2000-KB823559-x86-ENU.exe
WindowsMedia41-KB822343-x86-ENU.exe
Windows2000-KB823980-x86-ENU.exe
q329414_mdacall_x86.exe
Windows2000-KB819696-x86-ENU.exe
q822925.exe
Q823718_MDAC_SecurityPatch.exe
q330994.exe
WindowsMedia71-KB817787-x86-ENU.exe
wm320920_64.exe
Windows2000-KB824146-x86-ENU.exe
Windows2000-KB823182-x86-ENU.exe
Windows2000-KB826232-x86-ENU.exe
Windows2000-KB828035-x86-ENU.exe
Windows2000-KB825119-x86-ENU.exe
Windows2000-KB824141-x86-ENU.exe
q828750.exe
Windows2000-KB828749-x86-ENU.exe
q824145.exe
Windows2000-KB810217-x86-ENU.exe
officexp-KB813380-client-ENG.exe  (office ones are FP extension patches)
office2000-kb822035-client-enu.exe
ENU_Q832483_MDAC_x86.EXE
Windows2000-KB828028-x86-ENU.EXE
Windows2000-KB329115-x86-ENU.exe
msjavwu.exe
Windows-KB833330-ENU.exe
Windows2000-KB824105-x86-ENU.exe
Q832894.exe



....I know, you roughly have some 26 Megabytes of patches to be installed
POST-SP4 and POST IE60SP1 on W2K.

Is any other OS any better lately?
Yesterday I was installing a SUSE test box, WITHOUT AN INTERNET
CONNECTION, and I took a look at what I should have installed:


Patches for SuSE Linux Enterprise Server 8 for x86:

SuSE Linux Maintenance Web (SuSE-Linux-Enterprise-Server-8-for-x86)
• Security update for XFree86 (08. Mar 2004)
• Recommended update for gcc (01. Mar 2004)
• Security update for mozilla (27. Feb 2004)
• Security update for gnome-session (24. Feb 2004)
• Security update for libxml2-devel (23. Feb 2004)
• Security update for libxml2 (20. Feb 2004)
• Security update for mod_python (17. Feb 2004)
• Update for cyrus-imapd (13. Feb 2004)
• Security update for XFree86 (12. Feb 2004)
• Security update for package mutt (12. Feb 2004)
• Security update for Linux kernel (10. Feb 2004)
• Recommended update for yast2-restore (04. Feb 2004)
• Security update for netpbm (27. Jan 2004)
• Security update for package gawk (22. Jan 2004)
• Security update for package zebra (22. Jan 2004)
• Security update for package tcpdump (22. Jan 2004)
• Optional package to convert to EAL3+ certified system (21. Jan 2004)
• Recommended update for package openssl (20. Jan 2004)
• Recommended update for RPM (14. Jan 2004)
• Recommended update for package rpm-devel (14. Jan 2004)
• Recommended update for cyrus-imapd (12. Jan 2004)
• Security update for Midnight Commander (mc) (12. Jan 2004)
• Security update for CVS (12. Jan 2004)
• Security update for XFree86 (12. Jan 2004)
• Security update for 3ddiag (08. Jan 2004)
• Security update for tcpdump (08. Jan 2004)
• Security update for Linux kernel (k_debug, kernel-source) (30. Dec 2003)
• Security update for Linux kernel (30. Dec 2003)
• Security update for package ethereal (19. Dec 2003)
• Optional update for package km_fritzcapi (16. Dec 2003)
• Optional OpenMotif version for Oracle installations (16. Dec 2003)
• Security update for package screen (09. Dec 2003)
• Security update for package rsync (04. Dec 2003)
• Security update for freeradius (28. Nov 2003)
• Security update for package dhcp-server (21. Nov 2003)
• Security update for xinetd (18. Nov 2003)
• Security update for ethereal (18. Nov 2003)
• Security update for gdm2 (17. Nov 2003)
• Security update for zebra (17. Nov 2003)
• Recommended update for Gnome2-SLES (10. Nov 2003)
• Security update for CUPS (05. Nov 2003)
• UnitedLinux 1.0 x86 Service Pack 3 (04. Nov 2003)
• Optional update: The Linux Audit System (LAuS) (31. Oct 2003)
• Security update for PostgreSQL-Server (22. Oct 2003)
• Recommended update for AVM Fritz Card! DSL (22. Oct 2003)
• Security update for fileutils (21. Oct 2003)
• Security update for ircd (17. Oct 2003)
• Security update for KDE / kdm (17. Oct 2003)
• Security update for kdebase3-kdm (10. Oct 2003)
• Security update for kdelibs3 (10. Oct 2003)
• Security update for Acrobat Reader (07. Oct 2003)
• Security update for package openssl (30. Sep 2003)
• Security update for package openssl-devel (30. Sep 2003)
• Security update for mysql (29. Sep 2003)
• Security update for unzip (27. Sep 2003)
• Security update for mysql-devel (26. Sep 2003)
• Security update for mysql-client (23. Sep 2003)
• Security update for mysql-shared (23. Sep 2003)
• Security update for sendmail (19. Sep 2003)
• Security update for openssh (18. Sep 2003)
• Security update for OpenSSH (16. Sep 2003)
• Security update for package whois (01. Sep 2003)
• Security update for man (27. Aug 2003)
• Recommended update for cyrus-imapd (27. Aug 2003)
• Security update for sendmail (25. Aug 2003)
• Security update for pam_smb (21. Aug 2003)
• Security update for gdm2 (18. Aug 2003)
• Security update for PHP4 (15. Aug 2003)
• Security update for Linux kernel (08. Aug 2003)
• Security update for package postfix (31. Jul 2003)
• Security update for package lprng (28. Jul 2003)
• Security update for wget (21. Jul 2003)
• Security update for Linux kernel (18. Jul 2003)
• Security update for freeradius (17. Jul 2003)
• Security update for ethereal (15. Jul 2003)
• Security update for acroread (14. Jul 2003)
• Security update for package man (14. Jul 2003)
• Security update for Linux kernel (11. Jul 2003)
• Security update for nfs-utils (11. Jul 2003)
• Recommended update for sh-utils (10. Jul 2003)
• Security update for unzip (09. Jul 2003)
• Recommended update for ypserv (08. Jul 2003)
• Recommended update for yast2-users (07. Jul 2003)
• Recommended update for YaST2 Online Update (27. Jun 2003)
• Security update for package snort (27. Jun 2003)
• Security update for mod_php4 (27. Jun 2003)
• Recommended update for package xcin (24. Jun 2003)
• Security update for ghostscript-library (16. Jun 2003)
• Security update for package vnc (16. Jun 2003)
• Recommended update for util-linux (16. Jun 2003)
• Recommended update for package syslogd (13. Jun 2003)
• Security update for PHP4 (12. Jun 2003)
• Optional update for cyrus-imapd (12. Jun 2003)
• Security update for cups (06. Jun 2003)
• Package for transition of SLES8 to an EAL2 certified system (03. Jun 2003)
• Security update for package ppp (02. Jun 2003)
• UnitedLinux 1.0 x86 Service Pack 2a (SP2+hotfix) (23. May 2003)
• Security update for Linux kernel (22. May 2003)
• Security update for package pptpd (14. May 2003)
• Security update for package snort (13. May 2003)
• Security update for package ethereal (12. May 2003)
• Security update for package openssh (12. May 2003)
• Security update for package xshared (12. May 2003)
• UnitedLinux 1.0 x86 Service Pack 2 (SP2) (30. Apr 2003)
• Recommended update for autofs (29. Apr 2003)
• Security update for dhcp-server (29. Apr 2003)
• Security update for dhcp-relay (29. Apr 2003)
• Security update for KDE (16. Apr 2003)
• Security update for samba (07. Apr 2003)
• Security update for Sendmail (package sendmail-devel) (01. Apr 2003)
• Security update for Sendmail (package sendmail) (01. Apr 2003)
• Security update for package Samba (samba-client) (31. Mar 2003)
• Security update for package postgresql-server (28. Mar 2003)
• Security update for package openssl (28. Mar 2003)
• Security update for package grub (27. Mar 2003)
• Security update for openldap2 (25. Mar 2003)
• Security update for Linux kernel (kernel-source) (24. Mar 2003)
• Security update for Linux kernel (k_debug) (24. Mar 2003)
• Security update for Linux kernel (k_deflt) (24. Mar 2003)
• Security update for Linux kernel (k_psmp) (24. Mar 2003)
• Security update for Linux kernel (k_smp) (24. Mar 2003)
• Security update for Linux kernel (k_athlon) (24. Mar 2003)
• Security update for package mutt (21. Mar 2003)
• Security update for Samba (package samba-client) (18. Mar 2003)
• Security update for ethereal (18. Mar 2003)
• Security update for netpbm (18. Mar 2003)
• Security update for Samba (package samba) (18. Mar 2003)
• Security update for libnetpbm (18. Mar 2003)
• Security update for package qpopper (13. Mar 2003)
• Security update for package file (13. Mar 2003)
• Recommended update for package yast2-mail (10. Mar 2003)
• Security update for package wget (10. Mar 2003)
• Security update for package tcpdump (10. Mar 2003)
• SuSE Linux Enterprise Server 8 Patch CD 1 Image (05. Mar 2003)
• Security update for sendmail (package sendmail) (03. Mar 2003)
• Security update for sendmail (package sendmail-devel) (03. Mar 2003)
• Security update for package mysql (28. Feb 2003)
• Security update for package mysql (28. Feb 2003)
• Security update for package w3m_ssl (28. Feb 2003)
• Security update for package mysql (28. Feb 2003)
• Security update for package mysql (28. Feb 2003)
• Security update for OpenSSL (package openssl-devel) (21. Feb 2003)
• Recommended update for nagios (21. Feb 2003)
• Security update for OpenSSL (21. Feb 2003)
• Security update for OpenLDAP (20. Feb 2003)
• Security update for package libmcrypt (20. Feb 2003)
• Security update for VNC (20. Feb 2003)
• Recommended update for package mon (14. Feb 2003)
• Recommended update for YOU (11. Feb 2003)
• Recommended update for Linux kernel (k_smp) (03. Feb 2003)
• Recommended update for Linux kernel (k_debug) (03. Feb 2003)
• Recommended update for Linux kernel (kernel-source) (03. Feb 2003)
• Recommended update for Linux kernel (k_psmp) (03. Feb 2003)
• Recommended update for Linux kernel (k_athlon) (03. Feb 2003)
• Recommended update for Linux kernel (k_deflt) (03. Feb 2003)
• Security update for openldap2 (30. Jan 2003)
• Recommended update for package compat (29. Jan 2003)
• Recommended update for package star (29. Jan 2003)
• Security update for SuSEfirewall2 (29. Jan 2003)
• Security update for mod_php4 (24. Jan 2003)
• Recommended update for package yast2-nis-client (23. Jan 2003)
• Recommended update for package kbd (23. Jan 2003)
• Security update for CVS (17. Jan 2003)
• Security update for CVS (17. Jan 2003)
• Security update for package siga (16. Jan 2003)
• Recommended update for package ucdsnmp (16. Jan 2003)
• Security update for fam (13. Jan 2003)
• Security update for package susehelp (13. Jan 2003)
• Security update for package siga (13. Jan 2003)
• Security update for libpng (09. Jan 2003)
• Security update for package cups (07. Jan 2003)
• Optional update for Linux kernel (k_debug) (04. Jan 2003)
• Optional update for Linux kernel (k_psmp) (04. Jan 2003)
• Optional update for Linux kernel (k_athlon) (04. Jan 2003)
• Optional update for Linux kernel (k_deflt) (04. Jan 2003)
• Optional update for Linux kernel (kernel-source) (04. Jan 2003)
• Optional update for Linux kernel (k_smp) (04. Jan 2003)
• Security update for MySQL (20. Dec 2002)
• Security update for fetchmail (20. Dec 2002)
• Recommended update for xntp (20. Dec 2002)
• Recommended update for package bc (20. Dec 2002)
• Security update for webalizer (19. Dec 2002)
• Recommended update for YaST2 module yast2-core (13. Dec 2002)
• Recommended update for YaST2 module yast2-update (13. Dec 2002)
• Recommended update for YaST2 module yast2-bootloader (13. Dec 2002)
• Recommended update for YaST2 module yast2-storage (13. Dec 2002)
• Recommended update for YaST2 module yast2-country (13. Dec 2002)
• Security update for package canna (12. Dec 2002)
• Recommended update for YaST2 (02. Dec 2002)
• Recommended update for package perl-Net_SSLeay (27. Nov 2002)
• Recommended update for package autoyast2-installation (27. Nov 2002)
• Recommended update for package seccheck (26. Nov 2002)
• Optional update for yast2-installation (25. Nov 2002)
• Recommended update for package mlterm (19. Nov 2002)
• Recommended update for package netdate (19. Nov 2002)
• Recommended update for autoyast2 (18. Nov 2002)
• Recommended update for gdm2 (18. Nov 2002)
• Recommended update for package hwinfo (18. Nov 2002)
• Recommended update for ISDN (18. Nov 2002)
• Recommended update for package sysconfig (18. Nov 2002)
• Recommended update for freetype2 (18. Nov 2002)
• Recommended update for package readline (18. Nov 2002)
• Recommended update for globus (18. Nov 2002)
• Recommended update for package sax2 (18. Nov 2002)
• Security update for Linux Kernel (k_athlon) (15. Nov 2002)
• Security update for Linux Kernel (k_deflt) (15. Nov 2002)
• Security update for Linux Kernel (kernel-source) (15. Nov 2002)
• Security update for Linux Kernel (k_smp) (15. Nov 2002)
• Security update for Linux Kernel (k_psmp) (15. Nov 2002)
• Security update for Linux Kernel (k_debug) (15. Nov 2002)
• Security update for Horde (14. Nov 2002)
• Recommended update for seccheck (13. Nov 2002)
• Recommended update for package star (11. Nov 2002)
• Optional update for glibc (11. Nov 2002)




NT4 is even worse and before they are allowed to completely drop
support for NT4 they should at least have the decency to do a rollup of
all the patches so it's left in some sort of workable condition for
those who aren't upgrading.


And hasn't RedHat done the same, dropping support for various Red Hat Linux
7.x or 8 still in wide use?..... And they were not even *as* old as WinNT4 is ....

No flame.
Just considering that THESE DAYS of one vulnerability found after
another.... it's just all the same. You have to patch, and have to be on a
broadband connection to be able to do so.
Isn't this the following big step of the market?
Free software to everyone, and SUBSCRIPTION/ABONMENT for updates?
I bet it is.

I am not sure I like it, but I am quite sure it is going to be that way.

cheers,

Daniele




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

