Is it time to upgrade?

    It is no secret that many people believe that updating key systems is evil: if it works, do not touch it.

    Some, in an effort to preserve everything as it was, reach a very high level of antiquity: domain controllers on Server 2003 with the matching domain and forest level, Exchange 2010 without a service pack, previous-generation antivirus instead of Next Generation (among the well-known ones, TRAPS), flat networks, SMB 1, and the list goes on.


    In May 2017 many paid dearly for this approach: when WannaCry broke out, only two products prevented the virus from spreading, and neither of them was KAV with default settings. I wonder whether anyone will name these products in the comments?

    A few days ago Microsoft published CVE-2018-8265 | Microsoft Exchange Remote Code Execution Vulnerability, yet the leading site for expertise in cosmonautics, import substitution and table insertion * is silent about it for some reason; there are not even comparative statistics showing that in (substitute the product) this never happened and never could.

    The vulnerability description is simple:
    A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the system user. An attacker could then install programs; view, change, add, or delete data.

    To exploit this vulnerability, an attacker would need to send a specially crafted email to an affected Exchange server, and then convince the recipient to perform multiple actions while replying to the message.

    The security update addresses the vulnerability by correcting how Microsoft Exchange parses specially crafted email messages.

    This is not the first case of remote code execution; there was, for example, the earlier CVE-2018-8154 Remote Code Execution Vulnerability from May 2018, but at least that one was written about in the article.

    People in the know point to the existence of a recording in which drag.pr.rech.ch. Sinitsin talks a little about these vulnerabilities, starting at minute 48.

    And how is your update and control policy built?

    * By the way, experts: does align="right" also not work on the leading site? Were the buttons for right-aligning text never added, or do I just not see them?
