Just got this in my inbox this morning:
> Symantec Vulnerability Alert
>
> Microsoft Windows License Logging Service Buffer Overflow
> Vulnerability
> Bugtraq ID 12481
> CVE CAN-2005-0050
> Published Feb 8 2005
> Last Update 3/18/2005 5:52:15 PM GMT
> Remote Yes
> Local No
> Credibility Vendor Confirmed
> Classification Boundary Condition Error
> Ease Exploit Available
> Availability Always
> Authentication Not Required
>
> Impact 10 Severity 10 Urgency Rating 9.6
>
I'm glad that I already have implemented a domain-wide policy to disable the (useless) License Logging Service on the nearly 10,000 computers we have across North America.
Of course, there are still folks in the peanut gallery who insist that disabling services is a waste of time, and that running services cannot be exploited by unauthenticated users, and that the only vulnerabilities in Windows are from RPC, and a whole lot of other complete and utter bullshit.
I'm sorry the services.msc thread is gone, but consider this to be one big ol "I told you so" to those who disagreed with the premise.
> Symantec Vulnerability Alert
>
> Microsoft Windows License Logging Service Buffer Overflow
> Vulnerability
> Bugtraq ID 12481
> CVE CAN-2005-0050
> Published Feb 8 2005
> Last Update 3/18/2005 5:52:15 PM GMT
> Remote Yes
> Local No
> Credibility Vendor Confirmed
> Classification Boundary Condition Error
> Ease Exploit Available
> Availability Always
> Authentication Not Required
>
> Impact 10 Severity 10 Urgency Rating 9.6
>
I'm glad that I already have implemented a domain-wide policy to disable the (useless) License Logging Service on the nearly 10,000 computers we have across North America.
Of course, there are still folks in the peanut gallery who insist that disabling services is a waste of time, and that running services cannot be exploited by unauthenticated users, and that the only vulnerabilities in Windows are from RPC, and a whole lot of other complete and utter bullshit.
I'm sorry the services.msc thread is gone, but consider this to be one big ol "I told you so" to those who disagreed with the premise.