RE: Disabling Services or Not

[rcolbert]

Just got this in my inbox this morning:

> Symantec Vulnerability Alert
>
> Microsoft Windows License Logging Service Buffer Overflow
> Vulnerability
> Bugtraq ID 12481
> CVE CAN-2005-0050
> Published Feb 8 2005
> Last Update 3/18/2005 5:52:15 PM GMT
> Remote Yes
> Local No
> Credibility Vendor Confirmed
> Classification Boundary Condition Error
> Ease Exploit Available
> Availability Always
> Authentication Not Required
>
> Impact 10 Severity 10 Urgency Rating 9.6
>


I'm glad that I already have implemented a domain-wide policy to disable the (useless) License Logging Service on the nearly 10,000 computers we have across North America.

Of course, there are still folks in the peanut gallery who insist that disabling services is a waste of time, and that running services cannot be exploited by unauthenticated users, and that the only vulnerabilities in Windows are from RPC, and a whole lot of other complete and utter bullshit.

I'm sorry the services.msc thread is gone, but consider this to be one big ol "I told you so" to those who disagreed with the premise.

 

[GreNME]

This is funny in so many ways that I'm not sure where to begin. Perhaps someone else will fill you in on the difference and why your "I told you so" seems more like the typical self-validation bullshit of the vapid instead of bringing up a valid and useful piece of information.

Though I will mention that you are not discussing an actual default system service. Yay for (your) shifting goalposts.

 

[BlindedByScience]

Friendly reminder that a lively discussion of the issues is fine, but personal attacks and insults won't fly.

Thank you - B.B.S.

 

[GreNME]

Friendly reminder that a lively discussion of the issues is fine, but personal attacks and insults won't fly.

Thank you - B.B.S.

Then since the original post was an obvious troll, why is the thread still open?


Mod Edit - ....fixed. B.B.S.