Security Basics mailing list archives

Lose the 'tude bub... (was: WMF Exploit Patch Released)

From: "Burton Strauss" <Burton () FelisCatus org>
Date: Sat, 7 Jan 2006 09:41:57 -0600



NT is a 10 year old OS.  Want support for your 10 year old OS from Microsoft
- offer to pay what it really costs to support it - a couple of engineers
full-time through Microsoft Consulting, maybe?  They told you when they were
going to drop support, extended it a couple of times because of customer
needs and finally did drop it.

Same thing for the Mac OS of that vintage, mainframe 10 year old OSes, etc.


There are dozens of web sites which will sell you 10 year old and
new/remanufactured 3Com gear.  Why?  Because it makes money for them.

Want parts for your 10 year old car?  Don't ask GM/Ford/VW ... Go
aftermarket.  If there is demand, somebody makes it... Or visit the junk
yard.

Want support for your 2 year old Linux distro?  Don't ask RedHat/Novell/et
al -- either look to the aftermarket (Fedora Legacy) or roll your own...

etc.

But if Microsoft does it, it's some deep dark conspiracy...


-----Burton


-----Original Message-----
From: Matthew Schiros [mailto:schiros () gmail com] 
Sent: Friday, January 06, 2006 11:47 AM
To: info () footvision com
Cc: security-basics () securityfocus com
Subject: Re: WMF Exploit Patch Released

According to Microsoft, WinNT4 and Win2k SP3 users are out of luck. 
Their reccomended "solution" is to upgrade your software to a supported
version.  Obviously, all this means is that they have no solution at all,
but this is hardly the first time that MS has stuck it to WinNT4 users as
part of an attempt to get them all moved over to 2k SP4.  As for the
viability of disabling the DLL's in question, while I haven't had any
problems as a result of doing that on the 2k boxes in the office, I haven't
had the opportunity to test its impact on NT systems.  That seems to be the
only way of removing the exploit from your machines though, and I'd be
interested in knowing the results of your attempts.

<snip />



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------

Current thread:

WMF Exploit Patch Released Matthew Schiros (Jan 05)
- <Possible follow-ups>
- Re: WMF Exploit Patch Released Matthew Schiros (Jan 07)
  - Lose the 'tude bub... (was: WMF Exploit Patch Released) Burton Strauss (Jan 09)
  - RE: WMF Exploit Patch Released Donald N Kenepp (Jan 10)
    - Re: WMF Exploit Patch Released Matthew Schiros (Jan 11)
    - Security and EOL issues (was RE: WMF Exploit Patch released) Donald N Kenepp (Jan 09)