> Reference: > > http://www.computerworld.com/s/article/9138007/Microsoft_No_TCP_IP_patches_for_you_XP > > MS claims the patch would require to much overhaul of XP to make it > worth it, and they may be right. Who knows how many applications might > break that were designed for XP if they have to radically change the > TCP/IP stack. Now, I don't know if the MS speak is true, but it > certainly sounds like it is not going to be patched. > > The other side of the MS claim is that a properly-firewalled XP system > would not be vulnerable to a DOS anyway, so a patch shouldn't be > necessary. > > -Eric >
Apparently MS either: a) believes that people/employees on a LAN would NEVER EVER do anything naughty or; b) that hostbased firewalls should be enabled on ALL workstations regardless if they are behind corporate firewall/nat/etc... Either way....remote code or DoS, it's still a timebomb. PCI DSS requires these types of things to be patched or mitigated (compensating control) if placed in the cardholder data environment. Looks like no patch means a lot of extra work for companies taking debit/credit and running XP. James _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
