RE: Security templates and settings in Windows XP



On Thu, 2005-12-29 at 13:26 -0500, Levinson, Karl wrote:
<snip>
> In reality they've probably already validated most if not all of the
> vulnerability. Microsoft seems to have decided for some reason that it is
> not in their [or maybe our] best interest for them to validate
> vulnerabilities until there is a patch out. Possibly they feel validating
> the vuln to the world increases the risk rather than decreasing it.

http://www.microsoft.com/technet/security/advisory/912840.mspx

Isn't a security advisory validating the existence of the
vulnerability ?

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog: http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3

Attachment:smime.p7s
Description: S/MIME cryptographic signature



Relevant Pages

  • Re: IE vulnerabilities...
    ... > reason. ... It seems as though the employees are pretending to work to rip ... what possible motive could Microsoft possibly have for delaying ... stands to lose with each security vulnerability in the news, ...
    (microsoft.public.security)
  • [Full-Disclosure] its all about timing
    ... should be reported first to the vendor! ... H is right, because he disclosed a vulnerability, and disclosing is good. ... I'm a big fan of open disclosure, freedom of speech, etc. ... good reason for the delay (because such reasons could exist, ...
    (Full-Disclosure)
  • Re: To reopen or not to reopen?
    ... well for the opponents for the same reason you rate to do well ... The deciding factor for me is vulnerability. ... we are lucky and score +200 on defense then we just won all or nearly ...
    (rec.games.bridge)
  • Re: [Full-disclosure] PayPal.com XSS Vulnerability
    ... Its interesting how the reason code changed. ... PayPal Inc. is running a bug bounty program for professional security ... Today I received an email from PayPal Site Security: ... that the vulnerability you submitted was previously reported by another ...
    (Full-Disclosure)
  • BNCweb File Disclosure Vulnerability
    ... ('binary' encoding is not supported, ... The reason for this vulnerability is a piece of obsolete code left over from a development version. ...
    (Bugtraq)