If it's not explicitly covered in the Tech Republic article, the overview is here:
http://www.microsoft.com/technet/security/advisory/909444.mspx And the technical detail is here: http://support.microsoft.com/kb/909444 There's a growing about of blogging about this issue, with various experts (and "reporters" nano-quoting the experts) trying to score points on Microsoft. Really, if a Windows installation doesn't have SYSTEM:Full on the %windir% folder and it's children, it's not a functional machine. The only exceptions I believe are reasonable (because, hey, on the Internet, everyone's an expert) are the repair folder, or the terribly broken Everyone:Full that you sometimes see on a whole C: drive thanks to an Administrator gone wild. I give full points to Microsoft for their write up on this one, but I'd also have to point out that their error handling is obviously lacking on this module. Andrew. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Matt > Sent: Tuesday, October 18, 2005 11:28 AM > To: [email protected] > Subject: [Declude.JunkMail] FYI: Windows patch backfires on > the security-minded > > > Windows patch backfires on the security-minded > http://techrepublic.com.com/2100-1009_11-5897997.html?tag=sas.email# > > Matt > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
