Re: Windows XP file deletion

From: Deus, Attonbitus (Thor@HammerofGod.com)
Date: 09/11/02


Date: Wed, 11 Sep 2002 11:50:16 -0700
To: Marc Fossi <mfossi@securityfocus.com>, Focus-MS <focus-ms@securityfocus.com>
From: "Deus, Attonbitus" <Thor@HammerofGod.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 10:49 AM 9/11/2002, Marc Fossi wrote:
>A lot of people have been posting asking about the Windows XP file
>deletion story that has been circulating in the news the last couple of
>days. This is an issue that has been known since August 15, 2002. Here
>is a link to the original Bugtraq post on the subject:
>
>http://online.securityfocus.com/archive/1/287482
>
>That should help to answer everyone's questions on the subject.

*Lots* of people I know missed that one, myself included. I found out
about it on another newsgroup. What is different about this one is that it
already made it to TechTV (The Screen Savers) who detailed the
vulnerability, and is basically now out in the open.

What I would be interested in hearing from other security folks is if MS
should now, even though SP1 fixes the problem, issue a separate fix that
does not require downloading a 130 meg patch (or the 50 meg interactive
SP). Or should they at the least issue a "this is an issue, rename the
htm file or load SP1" bulletin?

It really is a pretty serious error...

- --
AD

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPX+QaIhsmyD15h5gEQKAVQCgtKeiDESwkCf9bLj7sDHxAyAgQQ0AoPsN
XpUBh+S2M7gAQab2xgF0mfsX
=GNxn
-----END PGP SIGNATURE-----