ANI Vulnerability: big fuggin’ deal
I wasn’t going to post today about third party patches, Microsoft’s hubris, and the value of IPS tech, but I just couldn’t resist the opportunity to get an ‘I told ya so’ in there.
The facts:
- The ANI vulnerability has been on Microsoft’s radar since 12/06
- Some IPS vendors have had signatures for some time: ISS and Sourcefire
- eEye has released a third party patch
- And lastly, Microsoft announced intentions to release an out-of-cycle patch
The conclusion:
Patch management is definitely a valuable component in the security arsenal but by no means the only one or the last one. IPS technology is far from dead. In fact, shops that have deployed it properly could be in a very strong position right now. It also appears that Microsoft is slowly seeing the logic of and need for out-of-cycle patches.
Fortunately, I’m able to blog about this today instead of scrambling to decide how to protect my hosts, namely because I’ve already worried about it and deployed IPS and HIPS.
::UPDATE::
David Graham over at Errata Security has brought up a very good point: IDS and IPS signatures “are usually [emphasis mine] based on vulnerabilities rather than exploits.” Since this vulnerability was discovered over two years ago, some vendors have provided detection and/or protection since 1/2005.
Go read David’s article. It’s very well written.
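To make the vulnerability-based versus exploit-based distinction concrete, here is an added Python example (my own, not code from the post, from Errata Security, or from any IPS vendor): a small RIFF walker that flags an ANI file whose anih header chunk does not declare the fixed 36-byte size, beside a byte-pattern match that only fires on one specific sample. The 36-byte header size is a documented fact about the ANI format rather than something stated in the post, and the sample files are constructed inline.

```python
import struct

# The ANI header chunk ("anih") is a fixed 36-byte structure. That size is a
# documented fact about the format, not something taken from the blog post.
ANIH_SIZE = 36

def riff_chunks(data, offset=0, end=None):
    """Walk a RIFF container, yielding (fourcc, declared_size, payload);
    RIFF/LIST chunks are containers whose 4-byte form type is skipped."""
    end = len(data) if end is None else end
    while offset + 8 <= end:
        fourcc, size = struct.unpack_from("<4sI", data, offset)
        body = offset + 8
        if fourcc in (b"RIFF", b"LIST"):
            yield from riff_chunks(data, body + 4, min(body + size, end))
        else:
            yield fourcc, size, data[body:body + size]  # slice never over-reads
        offset = body + size + (size & 1)  # chunks are word-aligned

def vulnerability_based_alerts(data):
    """Flag the malformed condition itself: any anih chunk whose declared
    size is not the fixed header size, regardless of what bytes follow."""
    return [f"anih declares {size} bytes, expected {ANIH_SIZE}"
            for cc, size, _ in riff_chunks(data)
            if cc == b"anih" and size != ANIH_SIZE]

def exploit_based_alerts(data, pattern):
    """Match a fixed byte string lifted from one sample; a variant with
    different filler bytes is invisible to this check."""
    return ["pattern match"] if pattern in data else []

def chunk(fourcc, payload):
    pad = b"\0" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad

def ani_file(extra=b""):
    """Constructed minimal RIFF/ACON file with one well-formed anih chunk."""
    header = struct.pack("<I", ANIH_SIZE) + b"\0" * (ANIH_SIZE - 4)
    body = b"ACON" + chunk(b"anih", header) + extra
    return b"RIFF" + struct.pack("<I", len(body)) + body

# Constructed samples: a benign file and two structurally identical malformed
# files that differ only in filler bytes (no payload, just 'A's and 'B's).
BENIGN = ani_file()
MALFORMED_A = ani_file(chunk(b"anih", b"A" * 64))
MALFORMED_B = ani_file(chunk(b"anih", b"B" * 64))
SAMPLE_PATTERN = b"A" * 64  # what an exploit-based signature would key on
```

The structural check fires on both malformed files, while the pattern lifted from the first sample misses the second; that gap is why vulnerability-based signatures hold up against variants.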
Again, if you haven’t done so, begin planning your IPS deployment. You’ll be less dependent on Microsoft patches for your network’s security and you’ll be strengthening the ‘Net as a whole.
