I was always referring to systems that are connected to the internet. Obviously if you have an unpatched version of Windows 95 that's isolated from the web, it's not going to attacked via this vulnerability, but I guess the way I worded it included all systems...so I stand correctedYou threw me there, I had to go reread the chain to figure out your comment. My part in this came from you saying there was negligence involved and I was trying to explain that sometimes, it's by design that systems are unpatched.
Let's see, I want to try and say it better taking in the progress of the discussion so far;
Let's try it this way.
There are situations where systems remain unpatched by design and not through negligence. Such systems should remain unconnected to the internet in lab environments but if they are going to be connected to the internet then strong measures should be taken to mitigate risk of attack, VPN only connections would be a good starting point along with other strong measures like restricted ACLs, tight firewalls, and point to point encryption. I would include removing or disabling all applications and services not required for the systems basic functions. Reduce everything to it's most fundamental purpose.
If you are going to ride bareback, make damn sure the pony is clean![]()