Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-23 Thread Mailing lists at Core Security Technologies
Aras "Russ" Memisyazici wrote: > > How effective is what Tom Grace suggests? Unless I'm misunderstanding, he's > suggesting switching to an iptables based protection along with a registry > tweak... ahh the good ol' batch firewall :) Would this actually work as a > viable work-around? I realize M$

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-17 Thread Susan Bradley
eptember 16, 2009 5:03 PM To: Susan Bradley; Thor (Hammer of God) Cc: full-disclos...@lists.grok.org.uk; bugtraq@securityfocus.com Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048? Yes, they used the bulletin to soft-pedal the description, but at the same time I think they send a me

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-17 Thread Susan Bradley
--> I set my return addy to /dev/null for... well you know why! Systems Administrator Virginia Tech -Original Message- From: Larry Seltzer [mailto:la...@larryseltzer.com] Sent: Wednesday, September 16, 2009 5:03 PM To: Susan Bradley; Thor (Hammer of God) Cc: full-disclos...@lists.grok.org.u

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-17 Thread John Morrison
ow why! > > Systems Administrator > Virginia Tech > > -Original Message----- > From: Larry Seltzer [mailto:la...@larryseltzer.com] > Sent: Wednesday, September 16, 2009 5:03 PM > To: Susan Bradley; Thor (Hammer of God) > Cc: full-disclos...@lists.grok.org.uk; bugtraq@se

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-17 Thread Aras "Russ" Memisyazici
isclosure-boun...@lists.grok.org.uk] On Behalf Of Susan Bradley Sent: Wednesday, September 16, 2009 2:26 PM To: Thor (Hammer of God) Cc: full-disclos...@lists.grok.org.uk; bugtraq@securityfocus.com Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048? It's only "default"

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Larry Seltzer
:26 PM To: Thor (Hammer of God) Cc: full-disclos...@lists.grok.org.uk; bugtraq@securityfocus.com Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048? It's only "default" for people running XP standalone/consumer that are not even in a home network settings. That kinda slic

Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Susan Bradley
Cloud option maybe as we go forward but right now today, this is business making the decisions here. Desktop, if it were that easy we'd have ripped out desktops years ago. Businesses have to be realistic. Sometimes there is not "plenty of comparable alternatives out there". Sometimes the bo

Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Rob Thompson
Susan Bradley wrote: > Only if you are a consumer. In a network we ALL have listening ports > out there. This is simply Microsoft's way of forcing you to upgrade your OS. They pulled the same shenanigans with Windows 2000, if you do not recall. I'd have to say, it's time to re-evaluate where you

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Susan Bradley
atch old code." t -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full- disclosure-boun...@lists.grok.org.uk] On Behalf Of Thor (Hammer of God) Sent: Wednesday, September 16, 2009 8:00 AM To: Eric C. Lukens; bugtraq@securityfocus.com Cc: full-disclos...@lists.grok.o

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Thor (Hammer of God)
me. t > -Original Message- > From: Susan Bradley [mailto:sbrad...@pacbell.net] > Sent: Wednesday, September 16, 2009 10:16 AM > To: Thor (Hammer of God) > Cc: bugtraq@securityfocus.com; full-disclos...@lists.grok.org.uk > Subject: Re: [Full-disclosure] 3rd party pat

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Susan Bradley
Seems like simple logic points to me. t -Original Message- From: Susan Bradley [mailto:sbrad...@pacbell.net] Sent: Wednesday, September 16, 2009 10:16 AM To: Thor (Hammer of God) Cc: bugtraq@securityfocus.com; full-disclos...@lists.grok.org.uk Subject: Re: [Full-disclosure] 3rd party

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Thor (Hammer of God)
ainfully obvious, not obviously painful. t > -Original Message- > From: Larry Seltzer [mailto:la...@larryseltzer.com] > Sent: Wednesday, September 16, 2009 8:21 AM > To: Thor (Hammer of God); Eric C. Lukens; bugtraq@securityfocus.com > Cc: full-disclos...@lists.grok.org.uk &

Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Susan Bradley
Only if you are a consumer. In a network we ALL have listening ports out there. elizabeth.a.gre...@gmail.com wrote: As I understand the bulletin, Microsoft will not be releasing MS09-048 patches for XP because, by default, it runs no listening services or the windows firewall can protect it.

Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Tom Grace
Is this relevant? QUOTE--- Protect to 2 for the best protection against SYN attacks. This value adds additional delays to connection indications, and TCP connection requests quickly timeout when a SYN attack is in progress. This parameter is the recommended setting. NOTE: The following socket

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Thor (Hammer of God)
n...@lists.grok.org.uk] On Behalf Of Thor (Hammer of God) > Sent: Wednesday, September 16, 2009 8:00 AM > To: Eric C. Lukens; bugtraq@securityfocus.com > Cc: full-disclos...@lists.grok.org.uk > Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048? > > Thanks for the link.

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Larry Seltzer
.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Thor (Hammer of God) Sent: Wednesday, September 16, 2009 11:00 AM To: Eric C. Lukens; bugtraq@securityfocus.com Cc: full-disclos...@lists.grok.org.uk Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048? Thanks f

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Thor (Hammer of God)
ginal Message- > From: full-disclosure-boun...@lists.grok.org.uk [mailto:full- > disclosure-boun...@lists.grok.org.uk] On Behalf Of Eric C. Lukens > Sent: Tuesday, September 15, 2009 2:37 PM > To: bugtraq@securityfocus.com > Cc: full-disclos...@lists.grok.org.uk > Subject: R

Re: Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Elizabeth . a . greene
As I understand the bulletin, Microsoft will not be releasing MS09-048 patches for XP because, by default, it runs no listening services or the windows firewall can protect it. Quoting http://www.microsoft.com/technet/security/bulletin/MS09-048.mspx "If Windows XP is listed as an affected pro

Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Susan Bradley
It's not that they aren't supported per se, just that Microsoft has deemed the impact of DOS to be low, the ability to patch that platform impossible/difficult and thus has made a risk calculation accordingly. Sometimes the architecture is what it is. Jeffrey Walton wrote: Hi Susan, Rea

Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Matt Riddell
On 16/09/09 8:49 AM, Jeffrey Walton wrote: Hi Aras, Given that M$ has officially shot-down all current Windows XP users by not issuing a patch for a DoS level issue, Can you cite a reference? http://tech.slashdot.org/article.pl?sid=09/09/15/0131209 -- Cheers, Matt Riddell Director

Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Jeffrey Walton
Hi Susan, > Read the bulletin. There's no patch. It is deemed by Microsoft to be of > low impact and thus no patch has been built. I don't know how I missed that XP/SP2 and above were not being patched. It appears that my two references are worthless... I used to use them in position papers! * h

Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Eric C. Lukens
ry. -Eric Original Message Subject: Re: 3rd party patch for XP for MS09-048? From: Jeffrey Walton To: nowh...@devnull.com Cc: bugtraq@securityfocus.com, full-disclos...@lists.grok.org.uk Date: 9/15/09 3:49 PM > Hi Aras, > > >> Given that M$ has officially shot-down all curren

Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Susan Bradley
Microsoft Security Bulletin MS09-048 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723): http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx If Windows XP is listed as an affected product, why is Microsoft not issuing an update for it? By defaul

Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Susan Bradley
Read the bulletin. There's no patch. It is deemed by Microsoft to be of low impact and thus no patch has been built. Jeffrey Walton wrote: Hi Aras, Given that M$ has officially shot-down all current Windows XP users by not issuing a patch for a DoS level issue, Can you cite a refer

Re: 3rd party patch for XP for MS09-048?

2009-09-16 Thread Eric Kimminau
http://www.computerworld.com/s/article/9138007/Microsoft_No_TCP_IP_patches_for_you_XP http://edge.technet.com/Media/MSRC-Monthly-Security-Bulletin-Webcast-September-2009/ Jeffrey Walton wrote: Hi Aras, Given that M$ has officially shot-down all current Windows XP users by not issuing a pat

Re: 3rd party patch for XP for MS09-048?

2009-09-15 Thread Jeffrey Walton
Hi Aras, > Given that M$ has officially shot-down all current Windows XP users by not > issuing a patch for a DoS level issue, Can you cite a reference? Unless Microsoft has changed their end of life policy [1], XP should be patched for security vulnerabilities until about 2014. Both XP Home and

3rd party patch for XP for MS09-048?

2009-09-15 Thread Aras "Russ" Memisyazici
Hello All: Given that M$ has officially shot-down all current Windows XP users by not issuing a patch for a DoS level issue, I'm now curious to find out whether or not any brave souls out there are already working or willing to work on an open-source patch to remediate the issue within XP. I real