Bugtraq mailing list archives
Re: 3rd party patch for XP for MS09-048?
From: Rob Thompson <my.security.lists () gmail com>
Date: Wed, 16 Sep 2009 11:24:08 -0700
Susan Bradley wrote:
Only if you are a consumer. In a network we ALL have listening ports out there.
This is simply Microsofts way of forcing you to upgrade your OS. They pulled the same shenanigans with Windows 2000, if you do not recall. I'd have to say, it's time to re-evaluate where you are funneling your $$$. If the vendor that you PAID your hard earned dollars to is not supporting their product like they said they would, then it's time to move on. There are plenty of alternatives out there. No one says you _have_ to run Windows.
Elizabeth.a.greene () gmail com wrote:As I understand the bulletin, Microsoft will not be releasing MS09-048 patches for XP because, by default, it runs no listening services or the windows firewall can protect it. Quoting http://www.microsoft.com/technet/security/bulletin/MS09-048.mspx "If Windows XP is listed as an affected product, why is Microsoft not issuing an update for it? By default, Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability. Windows XP Service Pack 2 and later operating systems include a stateful host firewall that provides protection for computers against incoming traffic from the Internet or from neighboring network devices on a private network. ... Customers running Windows XP are at reduced risk, and Microsoft recommends they use the firewall included with the operating system, or a network firewall, to block access to the affected ports and limit the attack surface from untrusted networks." -eg
-- Rob +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ | _ | | ASCII ribbon campaign ( ) | | - against HTML email X | | / \ | | | +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
Current thread:
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048?, (continued)
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048? Susan Bradley (Sep 16)
- RE: [Full-disclosure] 3rd party patch for XP for MS09-048? Larry Seltzer (Sep 16)
- RE: [Full-disclosure] 3rd party patch for XP for MS09-048? Aras "Russ" Memisyazici (Sep 17)
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048? John Morrison (Sep 17)
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048? Susan Bradley (Sep 17)
- Message not available
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048? Susan Bradley (Sep 17)
- Re: [Full-disclosure] 3rd party patch for XP for MS09-048? Mailing lists at Core Security Technologies (Sep 23)
- Re: 3rd party patch for XP for MS09-048? Susan Bradley (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Rob Thompson (Sep 16)
- Re: 3rd party patch for XP for MS09-048? Susan Bradley (Sep 16)