You have to balance the risk vs benefit for your organization, and determine the best way to push the patch. I think the general consensus is to deploy rapidly/aggressively, but you need to define what that is for your company. I do know of at least one large company, which slam dunked it onto the core infrastructure (mixed 2K8 and 2K3) servers without any issues, and are patching the rest of the servers as quickly as they can. My general experience has been that the common problem doing something like this, is managing the other types of failures that only show up during the reboot – failed disks, etc… It’s difficult to reboot thousands of servers, without some small percentage of them (still a big number) needing some extra love. From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Jack Parkin Sent: Thursday, October 23, 2008 11:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] We haven’t had an out of band patch this fast …. so FYI and keep an eye out tomorrow morning Anyone think taking a few days to deploy this patch in a phased approach is more dangerous than slamming it onto every system tonight and possibly having issues from the patch itself? -Jack “joe” <listmail@joeware.net> Sent by: ActiveDir-owner@mail.activedir.org 10/23/2008 01:16 PM Please respond to ActiveDir@mail.activedir.org To <ActiveDir@mail.activedir.org> cc Subject RE: [ActiveDir] We haven’t had an out of band patch this fast …. so FYI and keep an eye out tomorrow morning Its an RPC Worm Food Vuln people… Its sort of mitigated on Vista and Windows Server 2008 because it needs an authenticated user, not Anon and I just know we are all running Vista and K8… Get to patching… Worms will likely be out before we see the sunrise tomorrow. Lots of detail in the bulliten and of course the bad guys now have the patch executable to reverse from if they didn’t already know about this. http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx For those that say they are safe because they are firewalled off from the internet… Let me chuckle a moment and then say patch anyway. ;o) joe — O’Reilly Active Directory Third Edition – http://www.joeware.net/win/ad3e.htm —–Original Message—– From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe Sent: Thursday, October 23, 2008 12:35 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] We haven’t had an out of band patch this fast …. so FYI and keep an eye out tomorrow morning 25 minute countdown on this… Hope everyone is paying attention. This is definitely on the unusual side, a week after patch Tuesday… I expect we will be scrambling to get this into place fast… joe — O’Reilly Active Directory Third Edition – http://www.joeware.net/win/ad3e.htm —–Original Message—– From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Susan Bradley Sent: Thursday, October 23, 2008 1:11 AM To: activeDir@mail.activedir.org Subject: [ActiveDir] We haven’t had an out of band patch this fast …. so FYI and keep an eye out tomorrow morning —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1 ******************************************************************** Microsoft Security Bulletin Advance Notification for October 2008 Issued: October 22, 2008 ******************************************************************** This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on October 23, 2008. The full version of the Microsoft Security Bulletin Advance Notification for October 2008 can be found at http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx. This bulletin advance notification will be replaced with the revised October bulletin summary on October 23, 2008. The revised bulletin summary will include the out-of-band security bulletin as well as the security bulletins already released on October 14, 2008. For more information about the bulletin advance notification service, see http://www.microsoft.com/technet/security/Bulletin/advance.mspx. To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx. Microsoft will host a webcast to address customer questions on this out-of-band security bulletin on October 23, 2008, at 1:00 PM Pacific Time (US & Canada). Register for this out-of-band Security Bulletin Webcast at http://www.microsoft.com/technet/security/bulletin/summary.mspx. Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information. This advance notification provides the software subject as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity: Critical Security Bulletin ============================ Windows Bulletin – Affected Software: – Microsoft Windows 2000 Service Pack 4 – Windows XP Service Pack 2 and Windows XP Service Pack 3 – Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 – Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 – Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 – Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium based Systems – Windows Vista and Windows Vista Service Pack 1 – Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 – Windows Server 2008 for 32-bit Systems (Windows Server 2008 Server Core installation affected) – Windows Server 2008 for x64-based Systems (Windows Server 2008 Server Core installation affected) – Windows Server 2008 for Itanium-based Systems – Impact: Remote Code Execution – Version Number: 1.0 Other Information ================= Non-Security, High-Priority Updates on MU, WU, and WSUS: ======================================================== For information about non-security releases on Windows Update and Microsoft update, please see: * http://support.microsoft.com/kb/894199: Microsoft Knowledge Base Article 894199, Description of Software Update Services and Windows Server Update Services changes in content for 2008. Includes all Windows content. * http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows Recognize and avoid fraudulent e-mail to Microsoft customers: ============================================================= If you receive an e-mail message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. Microsoft does not distribute security updates via e-mail. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://www.microsoft.com/technet/security/bulletin/pgp.mspx. To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx. ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** —–BEGIN PGP SIGNATURE—– Version: PGP Desktop 9.9.0 (Build 397) Charset: utf-8 wsFVAwUBSP/4MFKuubOIpnsTAQI0ahAAj6r/fZpWPEJlIAk1+KWvHE3xeOr6f5/Z cDS8VZqYq/ktHJ5KsOALuxTtixO/mFA6c9OTJTNJCQ2MhVecgHttX58MmgdR9svs ybnywOCJkiJ4vwpWzbnpCvC9uheMuCLPOAeaTbtqvz+05wCvB6Ka1C4caML2JTHX mw38NHPfEMIIQT5cFcs1g1b6ekQTWaef1zSRxYl+tdEEo7j1zQI29an7nEiEl/QO dM+JSLuXDl49hntJhQObren4kj4V97mPZmbNGG+9Lj1UpiWkfqdsquhzXgKVlhft zvFuKNz9C2ROI+q1nVgf28yayKUDZm1DBZgyYrgI1kEj6QuJ4nTeCOE1x+q3Zn8r Qb+Ym0dmsLyOAhxbUcxPjhOjJeuiLmq7Z7LQp4+hA9SCEusu1oJVzZCoRPSRPDOe y1O94KLmhvQPMnvtBVk+FEpDmE/eAmIVHVSh+esJ0GjNpahtia9+jWrngBAksNtw ePtwiyLnEVbSA1C99roCkC4uOBL8smuuOMN2KUnKHK7Y9gEp30Dx/3JuALSjCmaG BKzZr4PIsjv8MmKYpRp+r3FjZg0OCHc6Vp4XjZOa9RjBWBMeY3MAIcbaTwJXF5zQ EGB6×08j9WzgrTumRs5C0OXoCpiZdtV7Op93h/lvrZGMGbiAGPgYp/pmdTr/bf4s V+1lO1yCC7E= =vVcQ —–END PGP SIGNATURE—– List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx

The rest is here:
RE: [ActiveDir] We haven’t had an out of band patch this fast …. so FYI and keep an eye out tomorrow morning

Related posts

• [ActiveDir] Why is MS in freak out Mode about MS08-067 (0)
• [ActiveDir] MS08-67 where can I find a tool to check a hotfix presence? (0)
• [ActiveDir] DC reboot / Java connection errors (0)
• US-CERT Cyber Security Alert SA09-041A — Microsoft Updates for … (0)
• Update Protection against Microsoft Windows AVI Processing … (0)