Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Too much misleading advice on the Universal Plug-and-Play security hole

From: "Marc Maiffret" <marc () eeye com>
Date: Wed, 26 Dec 2001 19:24:21 -0800
| -----Original Message-----
| From: Richard M. Smith [mailto:rms () computerbytesman com]
| Sent: Wednesday, December 26, 2001 10:04 AM
| To: bugtraq () securityfocus com
| Subject: Too much misleading advice on the Universal Plug-and-Play
| security hole
|
|
| Hi,
|
| The more I look at the security problems in the Universal Plug-and-Play
| (UPNP) feature of Windows, the more I think it is a big mistake to
| characterized them as Windows XP problems.  It is entirely possible that
| there are more Windows ME (Millennium Edition) users who are vulnerable
| to the security hole than XP users.  The risk here is that Windows ME
| users won't get the Microsoft patch because they assume the problems are
| only for XP given most of the press coverage so far.
<snip>
|
| Richard M. Smith
| http://www.computerbytesman.com

Good to try to clear things up like that however you just confused people
even more again. Windows 98 is also affected yet you fail to mention it.

Once again for those of us that missed it in Microsoft's bulletin the first
time:
Affected Software:
Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows ME
Microsoft Windows XP

That means, and as I've said to one to many reporters, if you or someone you
know is running Windows 98/ME/XP then you/they need to install the patch.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
Previous By Date Next
Previous By Thread Next

Current thread: