funsec mailing list archives

Re: Escapee from Redmond


From: Matthew Murphy <mattmurphy () kc rr com>
Date: Wed, 04 Jan 2006 00:40:01 -0600

Kevin McAleavey wrote:
 It was posted to DSL Reports earlier. We obtained a copy of it to see if it was actually malware - turned out to be 
from Microsoft "for real" and contained "WindowsXP-KB912919-x86-ENU.exe" within a ZIP file. We fed it to a few lab 
rats and it wanted to write to a strange new folder on a D: drive. So we ran it on a couple of lab rats that HAD a D: 
drive.

 Setup began, wham! BSOD that would have made NT 3.5 proud. "kernel-in-page" error and the world latched. Hard reboot 
and the "you've been naughty" check of the D: drive every time.   :)

 I can see why they were a bit miffed at it escaping Redmond. Heh.

Perhaps in cases of exploitation and such criticism for its lack of a
patch, Microsoft should simply post the beta patches as they produce
them.  A sort of nightly build, if you will, to tear a page from the
open-source book.

The Listons of the world might say "See, what took you so long!", try
out these interim patches, and then immediately have their answer.
People are asking for it, and I'm glad, for one, that MS has the
restraint not to release such code upon the general public.

After all, if Microsoft released one patch like that to RTM, I think we
can all agree on *EXACTLY* what that would do to the uptake rates of
future patches, possibly for years to follow.

--
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."

                                -- Michael Holstein
