Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-17 Thread Aras Russ Memisyazici
:)

Thank you all for your valuable comments... Indeed I appreciated some of the
links/info extended (Susan, Thor and Tom). However, in the end, it sounded
like:

a) As a sysadmin in charge of maintaining XP systems along with a whole
shebang of other mix setups, unless I deploy a better firewall solution, I
seem to be SOL.

b) M$ is trying to boost Win7 sales... whoopd...@#$%#^-doo... As was stated
earlier, they did the exact same thing back in Win2K days... Nothing new
here... :/ As Larry and Thor pointed out, what sux is that despite M$
PROMISING that they would continue supporting XP since they didn't exactly
state WHAT they would support, they seem to be legally free to actually get
away with this BS *sigh* gotta love insurance-salesman-tactics when it comes
to promises...

So... with all this commentary, in the end, I still didn't read from the
big'uns on whether or not a 3rd party open-source patch would be
released... I sure miss the days that people back in the day who cared would
:) In the end I realize, it sounds like a total over-haul of the TCP/IP
stack is required; but does it really have to? Really?

How effective is what Tom Grace suggests? Unless I'm misunderstanding, he's
suggesting switching to an iptables based protection along with a registry
tweak... ahh the good ol' batch firewall :) Would this actually work as a
viable work-around? I realize M$ stated this as such, but given their
current reputation it's really hard to take their word for anything these
days :P

What free/cheap client-level-IPS solutions block this current attack? Any
suggestions?

Thank you for your time and look forward to some more answers.

Sincerely,
Aras Russ Memisyazici
arasm {at) vt ^dot^ edu  -- I set my return addy to /dev/null for... well
you know why!

Systems Administrator
Virginia Tech

-Original Message-
From: Larry Seltzer [mailto:la...@larryseltzer.com] 
Sent: Wednesday, September 16, 2009 5:03 PM
To: Susan Bradley; Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com
Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

Yes, they used the bulletin to soft-pedal the description, but at the
same time I think they send a message about XP users being on shaky
ground. Just because they've got 4+ years of Extended Support Period
left doesn't mean they're going to get first-class treatment.

Larry Seltzer
Contributing Editor, PC Magazine
larry_selt...@ziffdavis.com 
http://blogs.pcmag.com/securitywatch/


-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Susan
Bradley
Sent: Wednesday, September 16, 2009 2:26 PM
To: Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugt...@securityfocus.com
Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

It's only default for people running XP standalone/consumer that are
not even in a home network setting.

That kinda slices and dices that default down to a VERY narrow sub sub 
sub set of customer base.

(Bottom line, yes, the marketing team definitely got a hold of that 
bulletin)

Thor (Hammer of God) wrote:
> Yeah, I know what it is and what it's for ;)  That was just my subtle
> way of trying to make a point.  To be more explicit:
>
> 1)  If you are publishing a vulnerability for which there is no patch,
> and for which you have no intention of making a patch for, don't tell me
> it's mitigated by ancient, unusable default firewall settings, and don't
> withhold explicit details.  Say THERE WILL BE NO PATCH, EVER.  HERE'S
> EVERYTHING WE KNOW SO YOU CAN DETERMINE YOUR OWN RISK.  Also, don't say
> 'you can deploy firewall settings via group policy to mitigate exposure'
> when the firewall obviously must be accepting network connections to get
> the settings in the first place. If all it takes is any listening
> service, then you have issues.  It's like telling me that the solution
> is to take the letter 'f' out of the word solution.
>
> 2)  Think things through.  If you are going to try to boost sales of
> Win7 to corporate customers by providing free XP VM technology and thus
> play up how important XP is and how many companies still depend upon it
> for business critical application compatibility, don't deploy that
> technology in an other-than-default configuration that is subject to a
> DoS exploit while downplaying the extent that the exploit may be
> leveraged by saying that a typical default configuration mitigates it
> while choosing not to ever patch it.  Seems like simple logic points
> to me.
>
> t
>
>> -Original Message-
>> From: Susan Bradley [mailto:sbrad...@pacbell.net]
>> Sent: Wednesday, September 16, 2009 10:16 AM
>> To: Thor (Hammer of God)
>> Cc: bugt...@securityfocus.com; full-disclosure@lists.grok.org.uk
>> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
>>
>> It's XP.  Running in RDP mode.  It's got IE6, and wants antivirus.
>> Of course it's vulnerable to any and all gobs of stuff out

[Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Aras Russ Memisyazici
Hello All:

Given that M$ has officially shot down all current Windows XP users by not
issuing a patch for a DoS level issue, I'm now curious to find out whether
or not any brave souls out there are already working or willing to work on
an open-source patch to remediate the issue within XP.

I realize some of you might be tempted to relay the M$ BS about not being
feasible because it's a lot of work rhetoric... I would just like to hear
the thoughts of the true experts subscribed to these lists :)

No harm in that is there?

Aras Russ Memisyazici
Systems Administrator
Virginia Tech

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/