Re: [SAGE] What are you all doing about the WMF exploit?

["Richard Johnson" <rdump@river.com>]

At 17:13 -0800 on 2006-01-04, Mario Obejas wrote:
> Richard, I really appreciate your response.
> Did you mean 6 out of 16 hosts? I did not understand the /16.


6 out of 2000+ hosts on a /16 network allocation (netmask 255.255.0.0).


> Also, can you elaborate on context, e.g., users  of the compromised hosts,
> e.g.,
> ISP customers?
> Engineers?
> Office workers?


The hosts are in use by office workers, engineers, technicians, scientists
and family members abusing those employees' laptops at their homes.  I
haven't tried to break it down between the groups.

Of course, this is now mooted by MS's release of their official patch.
Normally, we'd mandate that on an emergency basis given the criticality
rating.

However, the MS patch coexists quite happily with the Guilfanov unofficial
patch, so we're not in as crashing a hurry for the official one now.  We'll
thus be applying the official patch in a more leisurely manner, and later
removing the Guilfanov patch as users reboot.


Richard