Bugtraq mailing list archives
Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047))
From: Ryan Fox <rfox () NOGUSKA COM>
Date: Wed, 2 Aug 2000 12:39:06 -0400
What erks me about this e-mail..... 1. The vendor knew versions of their software were vulnerable, but intentionally failed to list them in their disclosure. An example situation where these platforms are susceptable (large win9x only workgroup) has already been posted to the list, and the vendor does not feel it is worth it to patch. Let's call this one vendor's perogative and move on. 2. The vendor's patch, by their own admission in the last e-mail, breaks some "normal, by-design management functions" in the NetBIOS protocol. They also called the patch unsuitable for rollout over the entire network. Nowhere in the initial disclosure was any mention of this. I, for one, would feel much more comfortable applying a patch if I knew exactly what it did. Open source arguments aside, perhaps vendors should make a practice of creating detailed TID's for released patches, documenting what changes in the system will occur upon application. Ryan Fox Noguska rfox () noguska com
Current thread:
- FW: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Forrester, Mike (Aug 01)
- <Possible follow-ups>
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Patrick R. Sweeney (Aug 01)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Microsoft Security Response Center (Aug 01)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Ryan Fox (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) David LeBlanc (Aug 03)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Ryan Fox (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Neena Grimm (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Russ (Aug 02)