Microsoft Security Bulletin vs Workarounds

TheMSsForum.com: The Microsoft Software Forum

I would like to know if applying a Microsoft Security Bulletin workaround is
sufficient enough. Some of these bulletins to not always seem to apply and
the workaround seems to be the best answer, but is it?

For example, the MS 04-041 Microsoft Security Bulletin workaround reads that
the workaround "helps reduce attacks"....and? It does not go on to provide
further information as to what is or not reduced.

All assistance is appreciated. Thank you


-brian-
Top

Re: Microsoft Security Bulletin vs Workarounds by Bob

Bob
Tue Dec 21 17:43:30 CST 2004

>I would like to know if applying a Microsoft Security
>Bulletin workaround is sufficient enough.

Short answer: No.

Slightly longer answer: Workarounds are provided to assist customers to
make educated decisions about the steps they can take to increase their
security posture while they evaluate deploying a particular patch. That is,
it helps them put other measures in place while they test a patch before
deploying. It buys them a LITTLE time. Keep this in mind: Workarounds
NEVER fix the underlying vulnerability. Only the patch does that.

In the example you mention, MS04-041, there are two vulnerabilities
associated with WordPad. For each vulnerability there are mitigating
factors and workarounds listed. They are often complicated and it takes
some getting used to and a fair amount of knowledge about your system(s).
However, all security is about evaluating risks, and if the mitigating
factors don't match your environment or the workarounds are more trouble
than they're worth, then move on.

More specifically from your example, "Deleting the following registry keys
will help reduce attacks by preventing WordPad from processing Word for
Windows 6.0 documents." Actually that seems pretty self-explanatory, but
just in case ... the particular vulnerability is associated with the Word
for Windows 6.0 converter. If you delete the specific keys called out by
the article, WordPad won't be susceptible to an attack from a Word for
Windows 6.0 document, because you will have disabled that functionality
within WordPad. You won't be able to open any Word for Windows 6.0
documents in WordPad.

This is not material suitable for end users (such as my 80 year old
mother-in-law); however, it is provided so IT and security professionals can
make informed decisions about securing their environment.

Bottom-line: Do the workarounds if you need to buy some time. However, the
vulnerability won't be fixed until the patch is applied.

--
Bob McCoy
* This posting is provided "AS IS" with no warranties, and confers no
rights.
* Please note I cannot respond to email questions. Please use these
newsgroups.

"Brian W" <Brian W@discussions.microsoft.com> wrote in message
news:33C766FD-8BE6-4F41-A42E-1D3000F85809@microsoft.com...
>I would like to know if applying a Microsoft Security Bulletin workaround
>is
> sufficient enough. Some of these bulletins to not always seem to apply and
> the workaround seems to be the best answer, but is it?
>
> For example, the MS 04-041 Microsoft Security Bulletin workaround reads
> that
> the workaround "helps reduce attacks"....and? It does not go on to provide
> further information as to what is or not reduced.
>
> All assistance is appreciated. Thank you
>
>
> -brian-


Top