Re: More... On the topic of Windows Hardening, MS05-018?
From: enine (enine_at_ninefamily.com)
Date: 11/16/05
Date: Wed, 16 Nov 2005 09:04:14 -0800
To: <focus-ms@securityfocus.com>
---------- Original Message ----------------------------------
From: "M. Burnett" <mb@xato.net>
Date: Tue, 15 Nov 2005 20:36:07 -0700
>Microsoft certainly cannot anticipate and test every possible configuration change that customers might make. The patches undergo a significant amount of testing and their careful patch testing and release plan is better than it has ever been. But was this a foreseeable scenario that should have been tested? Should they have anticipated ACL problems? I read in MSKB 909444 that "...Before Microsoft Security Bulletin MS05-051, explicit permissions to the COM+ catalog were not required." Reading that, I would suspect that if you make a change that requires explicit permissions that you should anticipate that anything besides the default permissions might cause problems. I think they could have anticipated issues here to have warranted a more detailed test plan and should not have relied so much on beta testing to have found any issues.
>
What was Microsoft's answer to the MS05-018 problem (the fix for it was not permission related), and why the refusal to provide a new patch?
________________________________________________________________
Sent via the WebMail system at ninefamily.com