Yes. We did install the patch immediately after installing XP.
We are behind a firewall and the XP machine is masqueraded. So I don't
believe we were vulnerable for the 10 minutes or so between installing XP
and installing the patch.
XP actually installed well. It did stall, but opening and closing the CD-ROM
fixed that, amazingly enough. Of course, we were immediately on the internet
after that.
I agree that MS$ again looks really bad. After all, it was found by a small
non-MS company within just a few weeks of release. And, this bug involves
more than just XP. Windows ME is also vulnerable, if UPnP is enabled. That
is to say, this bug has been around since the release of Windows ME, I guess.
Also, any system which has installed the universal Plug & Play program is
vulnerable. I don't believe that was emphasized in the media.
What is interesting is that several weeks (I believe) elapsed between the
discovery of the vulnerability and the announcement of the patch. You would
think they would have just told everybody to block the ports used by UPnP or turn off
UPnP until the patch was out. This gave the Bad Guys several weeks 
to act, if, by chance, the Bad Guys also knew about this problem.
I still think that the Real Bad Guys, with budgets of millions of
dollars, likely have XP already targeted. When they pull the trigger is
anybody's guess. For all we know, they have pulled the trigger. 
All that being said, the concept of universal plug and play looks like it
would be great, if it worked.
Visit MS if you'd like more detail about this bug:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp
Joel

On Sat, Dec 22, 2001 at 04:58:49PM -0500, David A. Bandel wrote:
> On Sat, 22 Dec 2001 10:02:12 -0500
> Joel Hammer <[EMAIL PROTECTED]> spewed into the bitstream:
> 
> > A bit OT but:
> [snip]
> > He is tired of windows98 crashing several times per day.
> > So, he is going to install XP professional ($20 [no upgrade] from his
> > school bookstore.) I may be tempted at that price.
> > Joel
> 
> Please check out the patches.  For anyone anywhere to take complete
> control of your XP machine, all you have to do is ... connect to the
> Internet.
> 
> I'm sorry, this is frighteningly stupid -- even for M$.  Imagine
> _millions_ of zombies in the hands of a 13 year old who wants to DDOS
> everyone off the Internet.
> 
> Ciao,
> 
> David A. Bandel
> -- 
> Focus on the dream, not the competition.
>               -- Nemesis Racing Team motto
> Internet (H323) phone: 206.28.187.30
> _______________________________________________
> Linux-users mailing list
> Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users