Bugtraq mailing list archives

RE: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)

From: "John Howie" <JHowie () securitytoolkit com>
Date: Thu, 6 Feb 2003 08:01:58 -0800

Jason,


I've proposed to Microsoft that they stop publishing Mitigating

Factors in

their security bulletins, and now it looks necessary to propose the

same

in
a more open forum.


I disagree. From a risk perspective you need to know mitigating factors.
To kill the hype that accompanies a newly discovered vulnerability you
need a cool, dispassionate, overview of the problem. Your sample
'aggravating' factor was anything but, and would be more likely to add
to the hype.

I think your decision to ask Microsoft first is a sign of your
prejudice, why not ask the Open Source communities to lead the way? I
can see it now: "WARNING: By using Open Source code anyone can modify
the source, replace your binaries, and completely root your system!"

John Howie CISSP MCSE
President, Security Toolkit LLC

Current thread:

FW: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) Jason Coombs (Feb 06)
- <Possible follow-ups>
- RE: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) John Howie (Feb 06)
  - Re: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) Florian Weimer (Feb 06)
  - RE: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) Jason Coombs (Feb 07)
    - RE: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577) Jason Coombs (Feb 07)