Determining impact of OS level patches

From: January, Ryan <Ryan.January_at_securitybenefit.com>
Date: Tue, 2 Aug 2011 10:27:59 -0500
Message-ID: <CA40B576F7DA654CAF625A78778FDF1906AE41ED_at_exchange2003.sbl.com>



Hello,

I've recently been tasked with patching a series of Windows 2003 based servers in our Oracle (10gR2) environment. While performing my due diligence, I wanted to determine the impact of the patches as they relate to the database.

Some Microsoft patches I can easily identify as having no or very little impact. An example of this would be KB977816 (Vulnerability in Microsoft MPEG Layer-3 codec could allow remote code execution). There are others whose effect I'm having difficulty determining, not knowing exactly what portions of the underlying OS Oracle uses. An example of these would be KB2503665 (Vulnerability in Windows AFD.sys could allow elevation of privilege) or KB2476490 (Vulnerability in OLE Automation could allow remote code execution).

Does any sort of "roadmap" exist, showing what OS dependencies exist for specific database features? If not, is there any other way for me to accurately scope the potential impact OS patches have prior to an installation in a test environment?

This question is specifically targeted to Windows in this instance; however, I feel it's still a valid exercise for any OS a database server runs on. If anyone additionally has any UNIX-centric knowledge of the same topic, I would appreciate that as well.

Thanks for your time,
Ryan
Security Benefit Corporation
--
http://www.freelists.org/webpage/oracle-l
Received on Tue Aug 02 2011 - 10:27:59 CDT