Re: Microsoft to rush out emergency Windows patch today

["Larry Seltzer" <larry () larryseltzer com>]

IIRC, MS05-039 didn't hit XP SP2 users as hard as those of earlier
versions for the same reasons MS08-067 doesn't. Back then XPSP2 was
relatively new, about a year old and met with a lot of resistance, so
the world was full of vulnerable systems. How many pre-XP SP2 systems
are out there in the wild now? (And not already massively infected with
something?)

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


-----Original Message-----
From: Paul Ferguson [mailto:fergdawgster () gmail com] 
Sent: Thursday, October 23, 2008 7:51 PM
To: Larry Seltzer
Cc: Juha-Matti Laurio; funsec () linuxbox org
Subject: Re: [funsec] Microsoft to rush out emergency Windows patch
today

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Oct 23, 2008 at 4:03 PM, Larry Seltzer <larry () larryseltzer com>
wrote:

> > > -Block TCP ports 139 and 445 at the firewall

> So it's serious, about as serious a bug as we've seen from Microsoft
in
> at least 2 or 3 years, but it's no Blaster. People are largely better
> protected now in spite of themselves.

MS05-039.

Yes, that serious.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFJAQ3Lq1pz9mNUZTMRArz6AKCWFc6x67QiR3rAg689SsQjDthNWwCfZqgf
fHL6YoTclMei4r+qS2uywoo=
=OnGD
-----END PGP SIGNATURE-----


-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.