[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] So why take migitation action anyway? - THE OFFICIAL BLOG OF THE SBS DIVA
Mon, Apr 16 2007 23:42 bradley

So why take migitation action anyway?

http://blogs.technet.com/sbs/archive/2007/04/16/the-kb-935964-dns-server-vulnerability-and-sbs.aspx

So why patch if SBSers have a limited number of ports open anyway?

Well for one, I'm not smart enough to know if they can build this thing to poke at 1723 and 3389 (Keep in mind I don't keep 3389 open anyway).  Right now it looks like they are hitting 1025 once they get inside, but they've also coded up a virus payload to get in via my workstations/stupid users.

When it's a real quick registry add, a stop restart of the DNS server that does not force me to reboot the box and it protects, that's why.

Also it's not just a 'from remote' attack, they are building viruses to drop in behind my battle lines.

http://www.incidents.org/diary.html?storyid=2643
http://vil.nai.com/vil/content/v_142025.htm
And my antivirus vendor, Trend isn't on the list of a/v vendors finding that one.

Tinfoil and paranoia.  :-)

Filed under:

# Vlad Mazek - Vladville Blog » Blog Archive » Why not to install Outlook 2007 Performance Patch (KB933493)

# re: So why take migitation action anyway?

Tuesday, April 17, 2007 3:59 PM by Greg Nixon

I have written a little vb script to update the registry and stop and start the DNS service since I am lazy and have a few servers to do it to :)

If anyone wants it (at their own risk) they can download from

http://www.nzcs.co.nz/files/updatedns.zip