Full Disclosure mailing list archives
Re: 3rd party patch for XP for MS09-048?
From: "Eric C. Lukens" <eric.lukens () uni edu>
Date: Tue, 15 Sep 2009 16:37:04 -0500
Reference: http://www.computerworld.com/s/article/9138007/Microsoft_No_TCP_IP_patches_for_you_XP MS claims the patch would require to much overhaul of XP to make it worth it, and they may be right. Who knows how many applications might break that were designed for XP if they have to radically change the TCP/IP stack. Now, I don't know if the MS speak is true, but it certainly sounds like it is not going to be patched. The other side of the MS claim is that a properly-firewalled XP system would not be vulnerable to a DOS anyway, so a patch shouldn't be necessary. -Eric -------- Original Message -------- Subject: Re: 3rd party patch for XP for MS09-048? From: Jeffrey Walton <noloader () gmail com> To: nowhere () devnull com Cc: bugtraq () securityfocus com, full-disclosure () lists grok org uk Date: 9/15/09 3:49 PM
Hi Aras,Given that M$ has officially shot-down all current Windows XP users by not issuing a patch for a DoS level issue,Can you cite a reference? Unless Microsoft has changed their end of life policy [1], XP should be patched for security vulnerabilities until about 2014. Both XP Home and XP Pro's mainstream support ended in 4/2009, but extended support ends in 4/2014 [2]. Given that we know the end of extended support, take a look at bullet 17 of [1]: 17. What is the Security Update policy? Security updates will be available through the end of the Extended Support phase (five years of Mainstream Support plus five years of the Extended Support) at no additional cost for most products. Security updates will be posted on the Microsoft Update Web site during both the Mainstream and the Extended Support phase.I realize some of you might be tempted to relay the M$ BS about "not being feasible because it's a lot of work" rhetoric...Not at all. Jeff [1] http://support.microsoft.com/gp/lifepolicy [2] http://support.microsoft.com/gp/lifeselect On Tue, Sep 15, 2009 at 2:46 PM, Aras "Russ" Memisyazici <nowhere () devnull com> wrote:Hello All: Given that M$ has officially shot-down all current Windows XP users by not issuing a patch for a DoS level issue, I'm now curious to find out whether or not any brave souls out there are already working or willing to work on an open-source patch to remediate the issue within XP. I realize some of you might be tempted to relay the M$ BS about "not being feasible because it's a lot of work" rhetoric... I would just like to hear the thoughts of the true experts subscribed to these lists :) No harm in that is there? Aras "Russ" Memisyazici Systems Administrator Virginia Tech
-- Eric C. Lukens IT Security Policy and Risk Assessment Analyst ITS-Network Services Curris Business Building 15 University of Northern Iowa Cedar Falls, IA 50614-0121 319-273-7434 http://www.uni.edu/elukens/ http://weblogs.uni.edu/elukens/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- 3rd party patch for XP for MS09-048? Aras "Russ" Memisyazici (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Jeffrey Walton (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Susan Bradley (Sep 15)
- Re: 3rd party patch for XP for MS09-048? Susan Bradley (Sep 15)
- Re: 3rd party patch for XP for MS09-048? Jeffrey Walton (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Susan Bradley (Sep 15)
- Re: 3rd party patch for XP for MS09-048? Tom Grace (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Susan Bradley (Sep 15)
- Re: 3rd party patch for XP for MS09-048? Jeffrey Walton (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Eric Kimminau (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Matt Riddell (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Eric C. Lukens (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Thor (Hammer of God) (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Thor (Hammer of God) (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Susan Bradley (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Thor (Hammer of God) (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Susan Bradley (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Larry Seltzer (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Aras "Russ" Memisyazici (Sep 17)
- Re: 3rd party patch for XP for MS09-048? Susan Bradley (Sep 17)
- Message not available
- Re: 3rd party patch for XP for MS09-048? Susan Bradley (Sep 17)
- Re: 3rd party patch for XP for MS09-048? John Morrison (Sep 17)