Posted to users@httpd.apache.org by Timothy Stone <ci...@petmystone.com> on 2004/01/26 20:32:52 UTC
[users@httpd] January Microsoft Updates on deck...user experiences solicited...
List,
My hardware admin (I'm the Apache administrator) is requesting to apply
the January updates from Micros~1 on my Windoze 2k SP4 servers running
Apache 2.0.x. (We'll save the topic of why Apache on Windoze for another
thread, suffice to say I begged and pleaded for BSD | GNU/Linux but FUD
prevailed.)
More info on Jan. updates:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Currentdl.asp
While I'm cognizant of the need to be patch current with Micros~1
servers, this specific patch relates to the MDAC extensions on all
Windoze boxes. I have had very bad experiences with MDAC updates in the
past. I also believe, and outlined thoroughly to the admin, that the
threshold of this security flaw is very high as the boxes are dedicated
to Apache (i.e. port 80) and no other outside connections are permitted
via the firewall/DMZ. Rather than run the risk of physically altering
the OS of the servers, I weighed that the risk of compromise is much
lower. My logic: any time a server is patched, in production, the risk
of OS failure spikes. Yes, in production; we do not have the resources
to host a test box for patch work.
Can the more experienced server admins out there that have applied the
patches for January share stories of success or failure? Maybe I don't
have anything to worry about...Apache may not tie to these MDAC APIs; I
don't know, do they?
Many thanks in advance! and warmest regards,
Tim
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] January Microsoft Updates on deck...user experiences solicited...
Posted by Timothy Stone <ci...@petmystone.com>.
>
> Tim,
>
> I am running a large number of Apache Web Servers 2.0.48. Our Win2k
> machines have all the latest patches and I have not experienced any
> problems.
>
Thank you Chris!
Tim
Re: [users@httpd] January Microsoft Updates on deck...user experiences solicited...
Posted by hunter <th...@sympatico.ca>.
On Mon, 2004-01-26 at 14:32, Timothy Stone wrote:
> List,
>
> My hardware admin (I'm the Apache administrator) is requesting to apply
> the January updates from Micros~1 on my Windoze 2k SP4 servers running
> Apache 2.0.x. (We'll save the topic of why Apache on Windoze for another
> thread, suffice to say I begged and pleaded for BSD | GNU/Linux but FUD
> prevailed.)
>
> More info on Jan. updates:
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Currentdl.asp
>
> While I'm cognizant of the need to be patch current with Micros~1
> servers, this specific patch relates to the MDAC extensions on all
> Windoze boxes. I have had very bad experiences with MDAC updates in the
> past. I also believe, and outlined thoroughly to the admin, that the
> threshold of this security flaw is very high as the boxes are dedicated
> to Apache (i.e. port 80) and no other outside connections are permitted
> via the firewall/DMZ. Rather than run the risk of physically altering
> the OS of the servers, I weighed that the risk of compromise is much
> lower. My logic: any time a server is patched, in production, the risk
> of OS failure spikes. Yes, in production; we do not have the resources
> to host a test box for patch work.
>
> Can the more experienced server admins out there that have applied the
> patches for January share stories of success or failure? Maybe I don't
> have anything to worry about...Apache may not tie to these MDAC APIs; I
> don't know, do they?
>
> Many thanks in advance! and warmest regards,
> Tim
>
Tim,
I am running a large number of Apache Web Servers 2.0.48. Our Win2k
machines have all the latest patches and I have not experienced any
problems.
--
Chris