Bugtraq mailing list archives
RE: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)
From: "John Howie" <JHowie () securitytoolkit com>
Date: Thu, 6 Feb 2003 08:01:58 -0800
Jason,
I've proposed to Microsoft that they stop publishing Mitigating
Factors in
their security bulletins, and now it looks necessary to propose the
same
in a more open forum.
I disagree. From a risk perspective you need to know mitigating factors. To kill the hype that accompanies a newly discovered vulnerability you need a cool, dispassionate, overview of the problem. Your sample 'aggravating' factor was anything but, and would be more likely to add to the hype. I think your decision to ask Microsoft first is a sign of your prejudice, why not ask the Open Source communities to lead the way? I can see it now: "WARNING: By using Open Source code anyone can modify the source, replace your binaries, and completely root your system!" John Howie CISSP MCSE President, Security Toolkit LLC
Current thread:
- FW: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) Jason Coombs (Feb 06)
- <Possible follow-ups>
- RE: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) John Howie (Feb 06)