On Mon, Sep 23, 2002 at 11:25:47AM -0700, J. Michael Cuciti wrote: > In the past two months, Microsoft has come out with a number of security > vulernability patches to fix a number of "critical" applications such > as certificates (spoof or delete). My question, for all of you that > know better than I, is how "critical" are these patches to apply and > what will happen if we don't? It depends what your users use SSL for. If you can live with the little SSL-lock being completely meaningless, then you don't need to be concerned. However, if you rely on SSL to _authenticate_ connections for your users, you should probably install the patches when you have the time for it. I'm not sure where it should fit on your priority scale, but I would hazard a guess that it belongs after you've figured out a push/pull update mechanism for your clients. Handling 1500 machines without one doesn't sound like my idea of fun. -- http://immunix.org/
This archive was generated by hypermail 2b30 : Mon Sep 23 2002 - 14:52:04 PDT