funsec mailing list archives
Re: Microsoft to rush out emergency Windows patch today
From: "Erik Harrison" <eharrison () gmail com>
Date: Thu, 23 Oct 2008 21:50:23 -0400
how many attack vectors are there out there now? pick one, add this payload, poof. seriously, why is this even a conversation? patch. its important. you know why. the devils advocate angle really isn't something anyone dealing with deploying this patch to reams of systems wants to hear right now. On Thu, Oct 23, 2008 at 9:17 PM, Larry Seltzer <larry () larryseltzer com> wrote:
<< If you have a system that is not patched against this threat, you will be pwned in the same fashion as the MS05-039 exploit spread like wildfire -- that was my point. How? (This is hypothetical here) I am running XPSP2 and my firewall is on. I don't have file and print sharing on, as is the case with the overwhelming majority of XPSP2 users. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com -----Original Message----- From: Paul Ferguson [mailto:fergdawgster () gmail com] Sent: Thursday, October 23, 2008 9:06 PM To: Larry Seltzer Cc: Juha-Matti Laurio; funsec () linuxbox org Subject: Re: [funsec] Microsoft to rush out emergency Windows patch today -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Oct 23, 2008 at 4:58 PM, Larry Seltzer <larry () larryseltzer com> wrote:IIRC, MS05-039 didn't hit XP SP2 users as hard as those of earlier versions for the same reasons MS08-067 doesn't. Back then XPSP2 was relatively new, about a year old and met with a lot of resistance, so the world was full of vulnerable systems. How many pre-XP SP2 systems are out there in the wild now? (And not already massively infectedwithsomething?)Doesn't matter, red herring. If you have a system that is not patched against this threat, you will be pwned in the same fashion as the MS05-039 exploit spread like wildfire -- that was my point. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFJAR+Lq1pz9mNUZTMRAmVWAJ97OyZdEx0WZRngkKCY96qsu/ujrACfSNtT 5/vLeB+ZH6OvdSP7rkVA1rM= =oBA2 -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Microsoft to rush out emergency Windows patch today, (continued)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Jack McCarthy (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Erik Harrison (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Valdis . Kletnieks (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Erik Harrison (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Dragos Ruiu (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Dragos Ruiu (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Gadi Evron (Oct 30)