funsec mailing list archives
Re: Microsoft to rush out emergency Windows patch today
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 23 Oct 2008 21:17:13 -0400
<< If you have a system that is not patched against this threat, you will be pwned in the same fashion as the MS05-039 exploit spread like wildfire -- that was my point. How? (This is hypothetical here) I am running XPSP2 and my firewall is on. I don't have file and print sharing on, as is the case with the overwhelming majority of XPSP2 users. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com -----Original Message----- From: Paul Ferguson [mailto:fergdawgster () gmail com] Sent: Thursday, October 23, 2008 9:06 PM To: Larry Seltzer Cc: Juha-Matti Laurio; funsec () linuxbox org Subject: Re: [funsec] Microsoft to rush out emergency Windows patch today -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Oct 23, 2008 at 4:58 PM, Larry Seltzer <larry () larryseltzer com> wrote:
IIRC, MS05-039 didn't hit XP SP2 users as hard as those of earlier versions for the same reasons MS08-067 doesn't. Back then XPSP2 was relatively new, about a year old and met with a lot of resistance, so the world was full of vulnerable systems. How many pre-XP SP2 systems are out there in the wild now? (And not already massively infected
with
something?)
Doesn't matter, red herring. If you have a system that is not patched against this threat, you will be pwned in the same fashion as the MS05-039 exploit spread like wildfire -- that was my point. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFJAR+Lq1pz9mNUZTMRAmVWAJ97OyZdEx0WZRngkKCY96qsu/ujrACfSNtT 5/vLeB+ZH6OvdSP7rkVA1rM= =oBA2 -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Microsoft to rush out emergency Windows patch today Juha-Matti Laurio (Oct 23)
- <Possible follow-ups>
- Re: Microsoft to rush out emergency Windows patch today Juha-Matti Laurio (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Jack McCarthy (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Erik Harrison (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Valdis . Kletnieks (Oct 29)