Re: So how secure is Windows XP with all current updates?

From: Kent W. England [MVP] (kwe_at_mvps.org)
Date: 06/24/04

• Next message: Kent W. England [MVP]: "Re: Virus/adware/spyware -- is there all-in-one protection in one program?"
• Previous message: josie my baby: "Getting Kicked Offline"
• In reply to: Alun Jones [MSFT]: "Re: So how secure is Windows XP with all current updates?"
• Next in thread: david: "Re: So how secure is Windows XP with all current updates?"
• Reply: david: "Re: So how secure is Windows XP with all current updates?"
• Reply: Paul Adare - MVP - Microsoft Virtual PC: "Re: So how secure is Windows XP with all current updates?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 23 Jun 2004 20:21:46 -0700

Alun Jones [MSFT] wrote:

>>The first statement says that Blaster infected patched machines while
>>the second statement says that those who were patched were protected.
>
>
> Kent may be reaching a bit, but I think I can reconcile his statements...
> sort of.

Thanks for the defense. A forest-for-the-trees nitpicker problem. What I
said wasn't correct about Blaster, but was true about vulnerabilities in
general.

Blaster was not able to infect fully patched machines. But the salient
point to be taken from the post was that even machines that are fully
patched may be vulnerable to some exploit that succeeds without user
intervention. Blaster is an example of such a mechanism, but not of a
successful exploit.

I could have discussed other IE vulnerabilities that are less well known
and the OP would have remained in the dark in developing his model of
how these vulnerabilities work. I thought that Blaster was the most well
known exploit I could choose to illustrate this type of vulnerability,
contrasted to an email virus infected attachment, of which everyone
seems to have a mental model.

-- 
Kent W. England, Microsoft MVP for Windows Security

---

• Next message: Kent W. England [MVP]: "Re: Virus/adware/spyware -- is there all-in-one protection in one program?"
• Previous message: josie my baby: "Getting Kicked Offline"
• In reply to: Alun Jones [MSFT]: "Re: So how secure is Windows XP with all current updates?"
• Next in thread: david: "Re: So how secure is Windows XP with all current updates?"
• Reply: david: "Re: So how secure is Windows XP with all current updates?"
• Reply: Paul Adare - MVP - Microsoft Virtual PC: "Re: So how secure is Windows XP with all current updates?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: So how secure is Windows XP with all current updates? ... > said wasn't correct about Blaster, but was true about vulnerabilities in ... Kent, there was no need for anyone to come to your "defense" as I wasn't ... While I may be an MVP for VPC, my real life job involves security, so I ... (microsoft.public.security) Re: So how secure is Windows XP with all current updates? ... piston rings and tire patches to see where the car came from. ... > Blaster was not able to infect fully patched machines. ... > I could have discussed other IE vulnerabilities that are less well known ... > seems to have a mental model. ... (microsoft.public.security) Re: controversial paper ... >have saved both you and others of some typing. ... I mean ALL known vulnerabilities because that is the effect that ... Blaster had. ... argument but rely on silly word tricks. ... (sci.crypt) Re: [Full-Disclosure] Vendor non-acknowledgement ... On Tue, 2003-09-30 at 16:37, Kent A wrote: ... > Do most vendors acknowledge security professionals that ... > bring vulnerabilities to them? ... (Full-Disclosure)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)