Re: Shame on Microsoft
From: Jeff Middleton [SBS-MVP] (jeff_at_cfisolutions.com)
Date: 08/13/03
- Next message: Lanwench [MVP - Exchange]: "Re: IS it a worm?"
- Previous message: remove: "MAKING YOUR COMPUTER SYSTEM SECURE AFTER IT’S BEEN COMPROMISED"
- In reply to: Jonathan M: "Re: Shame on Microsoft"
- Next in thread: Jonathan Maltz [MS-MVP]: "Re: Shame on Microsoft"
- Reply: Jonathan Maltz [MS-MVP]: "Re: Shame on Microsoft"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 13 Aug 2003 00:02:16 -0500
Just in case the point Jonathan was making slipped past your attention...
The RPC hole that was detected about 6 weeks ago has been a component that
has never been identified in previous versions of all the product dating
back about 9 yrs. Got that? This wasn't an intentional error or
omission...it's something that has been missed for a decade in security
inspections of the OS. There are plenty of places to pick a bone with
MS....but this isn't the one, at least not on the merit of it being crappy
design. Maybe it represents crappy reaction by failing to make the patches
available for any Service Pack (i.e. MS just added a note to MS03-026
indicating that it _can_ be applied to W2K SP2, not just SP3 and SP4), maybe
there's room to complain that MS should have a better way to reach people
who want to protect themselves. These are fair statements.
Nobody is aggravated with patching and security ,more than the MVPs and
non-moniker yet skillful devotes who take the time to listen to both the
pathetic rants and plaintively honest complaints in the Security NG.
Hopefully everyone who takes the time to bitch about MS on a daily basis
takes the time to do something positive as well.
"Jonathan M" <jmaltz@mvps.org> wrote in message
news:uMkS83UYDHA.2424@TK2MSFTNGP12.phx.gbl...
> Such serious holes?
> Slipping past Microsoft's attention?
>
> This hole was not so easy to come by, it's been around since NT and no one
> discovered it till less than a month ago.
>
> It didn't slip past Microsoft's attention, they created a patch. They put
> it on WindowsUpdate, they threw it to Auto Updates. There's a limit to
how
> much they can do.
>
> --
> --Jonathan M
> http://www.imbored.biz - A Windows Server 2003 visual, step-by-step
> tutorial site :-)
> Only reply by newsgroup. If I see an email I didn't ask for, it will be
> deleted without reading.
>
>
> "Sid" <sid12@mail.com> wrote in message
> news:em84ktUYDHA.736@TK2MSFTNGP09.phx.gbl...
> > "Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in message
> > news:O4iFOOUYDHA.440@tk2msftngp13.phx.gbl...
> >
> > > The patch was available for nearly a month.
> > >
> > > Made the top link of every Windows-related Microsoft site.
> > >
> > > Users should visit WindowsUpdate to make sure they are up to date
and/or
> > > have Automatic Updates on
> >
> > I think what he means is that it is pretty embarrassing for a company
like
> > Microsoft to have such serious holes in their software. Considering
they
> > market Windows 2003/2k/XP as incredibly secure, it is simply amazing how
> > these big holes just keep slipping past M$'s attention. Maybe if you
took
> a
> > few minutes to lay down your MS-MVP flag and ponder that, you might have
> > more to say than simply telling us the patch was available on Windows
> Update
> > and it was really popular.
> >
> > Sid
> >
> >
>
>
- Next message: Lanwench [MVP - Exchange]: "Re: IS it a worm?"
- Previous message: remove: "MAKING YOUR COMPUTER SYSTEM SECURE AFTER IT’S BEEN COMPROMISED"
- In reply to: Jonathan M: "Re: Shame on Microsoft"
- Next in thread: Jonathan Maltz [MS-MVP]: "Re: Shame on Microsoft"
- Reply: Jonathan Maltz [MS-MVP]: "Re: Shame on Microsoft"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
