As luck would have it we run 126.96.36.199 on Windows servers for which there is no patch!
We have to patch to 188.8.131.52 but as the systems are closed and validated systems there'll be much revalidation and weeping and gnashing of teeth.
So ... so that I can convince management - can anyone give me some outline of the security risk if left unpatched? There's no real detail on Metalink - just a strong advisory statement to apply the patches. I know what the MD will say: "Can we risk it?" and without some detail on the risk I can't advise him.
Can't seem to find any detail of the risk in that Note. What exactly should I be looking at?
They only updated the documents as recently as yesterday. Give it sometime. Hopefully they'll add some level of detail to it. I haven't looked at the individual patch readme documents for other OSes (besides Windows) yet. I'm *guessing* that'll have more detail..
"It is my understanding that the alert is in the process of being rewritten. We are receiving many tars asking what it fixes. Unfortunately, we in support don't know anything more than what the alert says. I can't answer the question at this time."
Originally posted by Axr2
They only updated the documents as recently as yesterday. Give it sometime.
My supposition is that they avoided publishing a "hacker's handbook" before the fixes were available. If I were running a server with some degree of external access, I'd be testing patches now, so that I could get them into production fast the moment the vulnerabilities were published.