Timeline of ETA 199379: Isilon OneFS: Microsoft security update MS15-027 may cause...

Hi Mike

It was more like a question.

I posted my two sources. Packetstorm postet about the delay of the fix because microsoft identified a big vendor wich fails with that fix.

And the Microsoft release notes of that patch where only emc isilon is affected.

So EMC could be that big vendor... I think

Correct me, if I'm on the wrong lane

Christian

--

Auf einem Mobildevice erstellt

are you going to release a  patch for 7.1.0.x family ?

Furthermore they have not refreshed the ETA

https://emc--c.na5.visual.force.com/apex/KB_ETA?id=kA3700000000260

Hello Mike,

Is this fix available now? you mentioned in your post that something might be out by the 20th of March, today is the 24th.

We are on Vs 7.1.0.1

I have received the following updates notification today via e-mail

and  the linked patches address the Microsoft  issue  in question.

Ironically, the linked Current Patches document, while also

updated yesterday, does NOT list those patches....   

-- Peter

Your EMC Product Updates Updates are now available for the following product(s): Notification Frequency: DAILY Product(s) Content Type Date Title Isilon OneFS, Isilon Downloads 2015-03-23 Isilon OneFS Patch-145046 Isilon OneFS, Isilon Downloads 2015-03-23 Isilon OneFS Patch-139809 Isilon OneFS, Isilon Downloads 2015-03-23 Isilon OneFS Patch-145051 Isilon OneFS, Isilon Product Documentation 2015-03-23 Current Isilon OneFS Patches Isilon OneFS, Isilon Product Documentation 2015-03-23 Managing SMB Shares Using Isilon OneFS Isilon OneFS, Isilon Product Documentation 2015-03-23 Business Data Lake Protection 1.0 Integration Guide Isilon OneFS, Isilon Downloads 2015-03-23 Isilon OneFS Patch-145047 Isilon OneFS, Isilon Downloads 2015-03-23 Isilon OneFS Patch-145050 Isilon OneFS, Isilon Downloads 2015-03-23 Isilon OneFS Patch-145049 Service Life EMC Firmware Release and End of Service Life Notifications EMC Hardware Release and End of Service Life Notifications EMC Software Release and End of Service Life Notifications You are receiving this notification because you have subscribed to product updates through the EMC Support website. Sincerely, EMC Customer Service

Hold on a second --- at least the ETA's publication date has been updated to Mar 23.

So it's consistent with the Current Patches doc now.

scnr

-- Peter

sorry Scott, i posted in the wrong thread. I just updated this discussion Re: ESA-2015-015 Question

Dynamox,

Patch 145049 is for OneFS 7.1.0.6 (the listing on the site references 7.0.1.6, but we are working to have the information corrected to reflect that it is for OneFS 7.1.0.6

https://download.emc.com/downloads/DL58529_Isilon_OneFS_Patch-145049.tgz

Hi

my question (to EMC) is still not answered.

Is my interpretation of the timeline right or wrong?

Was EMC informed in Feb. about this problem or not?

I interpret the packetstorn notice from 2015-01-02 in a way that EMC was informed early.

The second thing which points in this direction is the very early warning published by Microsoft.

Chris

Hi Christian,

Are you looking for an answer from EMC  as a whole or Isilon specifically? mikewong  has answered on Isilon's behalf above with a date. If you are looking for an overall EMC statement, I would have to find the right person for that. Can you please confirm?

Thank you

Niki

Hi

Mike Wong didn't answer anything.

ISILON is a part of EMC, so for me it's not a difference if the one who answers has EMC or ISILON Division in his title.

I exspect a answer.

For now I value mikes answer as "yes we know early but we don't tell"

Chris

From support.emc.com:

https://support.emc.com/search/?text=ms15-027&resource=DOWN

per Mike Wong reply above:

I'm not sure where you received your information about EMC receiving information about this patch early, but from my information we were made aware of the issue on 3/12/15, two days after the patch was released from Microsoft.

I'm missing a Patch for this issue for release  7.1.1.3... It's not fixed and it's no patch available... (just saying, SR is already open...)

That's also a point you could work on: don't release a release which has such a massive technical / security hole and no patch - especially when you do not fix the issue for all codes and force your customers to schedule updates to newer code.

Just my 2 Cents

--sluetze

There is a patch for 7.1.1.3, on demand from the support team.

If you can wait another week. It's my understanding we will be releasing a new set of patches ( target code only) which will have a better mechanism to handle the ms15-027 issue.

The same approach will be built in :

- 7.2.0.2 ( may 6 ETA)

- 7.1.1.5 ( late June ETA )

- 7.1.1.4 ( late April )

Luc Simard - 415-793-0989

Senior Technical Account Manager.

Isilon Systems - Simple is Smart™

Messages may contain confidential information.

Sent from my iPhone