funsec mailing list archives
Re: Escapee from Redmond
From: Matthew Murphy <mattmurphy () kc rr com>
Date: Wed, 04 Jan 2006 00:40:01 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Kevin McAleavey wrote:
It was posted to DSL Reports earlier. We obtained a copy of it to see if it was actually malware - turned out to be from Microsoft "for real" and contained "WindowsXP-KB912919-x86-ENU.exe" within a ZIP file. We fed it to a few lab rats and it wanted to write to a strange new folder on a D: drive. So we ran it on a couple of lab rats that HAD a D: drive. Setup began, wham! BSOD that would have made NT 3.5 proud. "kernel-in-page" error and the world latched. Hard reboot and the "you've been naughty" check of the D: drive every time. :) I can see why they were a bit miffed at it escaping Redmond. Heh.
Perhaps in cases of exploitation and such criticism for its lack of a patch, Microsoft should simply post the beta patches as they produce them. A sort of nightly build, if you will, to tear a page from the open-source book. The Listons of the world might say "See, what took you so long!", try out these interim patches, and then immediately have their answer. People are asking for it, and I'm glad, for one that MS has the restraint not to release such code upon the general public. After all, if Microsoft released one patch like that to RTM, I think we can all agree on *EXACTLY* what that would do to the uptake rates of future patches, possibly for years to follow. - -- "Social Darwinism: Try to make something idiot-proof, nature will provide you with a better idiot." -- Michael Holstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDu23Bfp4vUrVETTgRAw30AKCJL/EzoX5Mv7jrp2uoMUwmz+JsRACfQU7N CQWXC/KtO1tl3Fdii+Ylu+M= =Cpuk -----END PGP SIGNATURE-----
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Huh? Microsoft pre-release release: WMF patch? Fergie (Jan 03)
- Re: Huh? Microsoft pre-release release: WMF patch? nodialtone (Jan 03)
- Re: Escapee from Redmond (was: Huh? Microsoft pre-release release: WMF patch?) Kevin McAleavey (Jan 03)
- Re: Escapee from Redmond Matthew Murphy (Jan 03)
- Re: Escapee from Redmond Kevin McAleavey (Jan 03)
- Re: Escapee from Redmond dudevanwinkle () gmail com (Jan 04)
- Re: Escapee from Redmond Florian Weimer (Jan 04)
- Re: Escapee from Redmond Matthew Murphy (Jan 03)