Text 11449, 287 rader
Skriven 2006-06-09 23:35:12 av Rich Gauszka (1:379/45)
Kommentar till text 11448 av Rich (1:379/45)
Ärende: Re: Are Windows 9x Explorer users toast security wise?
==============================================================
From: "Rich Gauszka" <gauszka@hotmail.com>
This is a multi-part message in MIME format.
------=_NextPart_000_0044_01C68C1D.5B20BC10
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
In April Microsoft pledged that it would patch the vulnerability = (MS06-015)
for 98 and ME. Now in June they've added the little pledge = breaking revision
at the bottom with the excuse to publications that it = was too hard to fix.
The new Microsoft motto? - Security is our motto = unless it's too hard to fix
http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx
V2.1 (June 8, 2006): Bulletin revised: FAQ Section updated to notify =
customers that a security update will not be shipped for Microsoft = Windows
98, Microsoft Windows 98 Second Edition (SE), and Microsoft = Windows
Millennium Edition (ME).
=20
"Rich" <@> wrote in message news:448a35bd@w3.nls.net...
The article's author's statement is garbage and not supported by =
the supposed quote or by the published Microsoft bulletin. If you want =
accurate information, look to the bulletin at the URL I provided.
Rich
"Rich Gauszka" <gauszka@hotmail.com> wrote in message =
news:448a2d7b@w3.nls.net...
My original subject line said "Are W2k Explorer users toast =
security wise?" . Do you disagree with Christopher Budd or do you think = he
was misquoted by pcworld about 2k and it's security vulnerability and = the
extensive reengineering of a critical core components that would be = needed?
It's the 'extensive reengineering' quote that got my attention
I would bet a good many people that have home networks have port 139 =
open for file and print sharing. Just issuing a blurb to close it seems = a bit
pointless. I also doubt any of those people that are on 98 will = invest in a
perimeter firewall.=20
I would say they are all zombie/trojan candidates but I can't talk =
about them anymore as I am inficted with the wga 'phone home' trojan=20
=20
"Rich" <@> wrote in message news:448a28f2$1@w3.nls.net...
What nonsense! Windows 2000 was updated in the original =
release of =
http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx. = Windows 9x
is not being updated. From the bulletin
If Microsoft Windows 98, Microsoft Windows 98 Second Edition =
(SE), and Microsoft Windows Millennium Edition (ME) are listed as an = affected
product, why is Microsoft not issuing security updates for = them?
During the development of Windows 2000, significant enhancements =
were made to the underlying architecture of Windows Explorer. The = Microsoft
Windows 98, Microsoft Windows 98 Second Edition (SE), and = Microsoft Windows
Millennium Edition (ME) Windows Explorer architecture = is much less robust
than the more recent Windows architectures. Due to = these fundamental
differences, after extensive investigation, Microsoft = has found that it is
not feasible to make the extensive changes = necessary to Windows Explorer on
Microsoft Windows 98, Microsoft Windows = 98 Second Edition (SE), and Microsoft
Windows Millennium Edition (ME) to = eliminate the vulnerability. To do so
would require reengineer a = significant amount of a critical core component of
the operating system. = After such a reengineering effort, there would be no
assurance that = applications designed to run on these platforms would continue
to = operate on the updated system.
Microsoft strongly recommends that customers still using =
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and = Microsoft
Windows Millennium Edition (ME) protect those systems by = placing them behind
a perimeter firewall which is filtering traffic on = TCP Port 139. Such a
firewall will block attacks attempting to exploit = this vulnerability from
outside of the firewall, as discussed in the = workarounds section below.
Rich
"Rich Gauszka" <gauszka@hotmail.com> wrote in message =
news:4489d02a@w3.nls.net...
http://news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041
Microsoft said it wasn't feasible to make extensive changes to =
Windows=20
Explorer to eliminate a security vulnerability since the =
underlying=20
architecture of Windows 2000 is much less robust, wrote =
Christopher Budd, a=20
program manager with Microsoft's security response center.
"Due to these fundamental differences, these changes would =
require=20
reengineering a significant amount of a critical core component =
of the=20
operating system," Budd said.
As a result, applications may not run on the updated system, he =
said.
------=_NextPart_000_0044_01C68C1D.5B20BC10
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2873" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>In April Microsoft pledged that it =
would patch the=20
vulnerability (MS06-015) for 98 and ME. Now in June they've added the =
little=20
pledge breaking revision at the bottom with the excuse to =
publications that=20
it was too hard to fix. The new Microsoft motto? - Security is our motto =
unless it's too hard to fix</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx"=
>http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx</A></FO=
NT></DIV>
<DIV><FONT face=3DArial size=3D2>V2.1 (June 8, 2006): Bulletin revised: =
FAQ Section=20
updated to notify customers that a security update will not be shipped = for=20
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and =
Microsoft=20
Windows Millennium Edition (ME).</DIV>
<DIV></TD> </FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:448a35bd@w3.nls.net">news:448a35bd@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> The article's author's =
statement is=20
garbage and not supported by the supposed quote or by the published =
Microsoft=20
bulletin. If you want accurate information, look to =
the bulletin at=20
the URL I provided.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich Gauszka" <<A=20
href=3D"mailto:gauszka@hotmail.com">gauszka@hotmail.com</A>> =
wrote in=20
message <A=20
=
href=3D"news:448a2d7b@w3.nls.net">news:448a2d7b@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>My original subject line said =
"<FONT=20
size=3D2>Are W2k Explorer users toast security wise?" </FONT>. =
Do you=20
disagree with Christopher Budd or do you think he was misquoted =
by=20
pcworld about 2k and it's security vulnerability and the extensive =
<FONT=20
face=3D"Times New Roman" size=3D3>reengineering of a critical =
core=20
components that would be needed?</FONT></FONT></DIV>
<DIV>It's the 'extensive reengineering' quote that got my =
attention</DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I would bet a good many people that =
have home=20
networks have port 139 open for file and print sharing. Just =
issuing a=20
blurb to close it seems a bit pointless. I also doubt any of those =
people=20
that are on 98 will invest in a perimeter firewall. </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I would say they are all =
zombie/trojan=20
candidates but I can't talk about them anymore as I am inficted with =
the wga=20
'phone home' trojan </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:448a28f2$1@w3.nls.net">news:448a28f2$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2> What nonsense! =
Windows=20
2000 was updated in the original release of <A=20
=
href=3D"http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx"=
>http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx</A>.&nb=
sp;=20
Windows 9x is not being updated. From the =
bulletin</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV><STRONG>If Microsoft Windows 98, Microsoft Windows 98 =
Second=20
Edition (SE), and Microsoft Windows Millennium Edition (ME) are =
listed=20
as an affected product, why is Microsoft not issuing security =
updates=20
for them?<BR></STRONG>During the development of Windows 2000,=20
significant enhancements were made to the underlying =
architecture of=20
Windows Explorer. The Microsoft Windows 98, Microsoft Windows 98 =
Second=20
Edition (SE), and Microsoft Windows Millennium Edition (ME) =
Windows=20
Explorer architecture is much less robust than the more recent =
Windows=20
architectures. Due to these fundamental differences, after =
extensive=20
investigation, Microsoft has found that it is not feasible to =
make the=20
extensive changes necessary to Windows Explorer on Microsoft =
Windows 98,=20
Microsoft Windows 98 Second Edition (SE), and Microsoft Windows=20
Millennium Edition (ME) to eliminate the vulnerability. To do so =
would=20
require reengineer a significant amount of a critical core =
component of=20
the operating system. After such a reengineering effort, there =
would be=20
no assurance that applications designed to run on these =
platforms would=20
continue to operate on the updated system.<BR><BR>Microsoft =
strongly=20
recommends that customers still using Microsoft Windows 98, =
Microsoft=20
Windows 98 Second Edition (SE), and Microsoft Windows Millennium =
Edition=20
(ME) protect those systems by placing them behind a perimeter =
firewall=20
which is filtering traffic on TCP Port 139. Such a firewall will =
block=20
attacks attempting to exploit this vulnerability from outside of =
the=20
firewall, as discussed in the workarounds section=20
below.</DIV></BLOCKQUOTE>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich Gauszka" <<A=20
href=3D"mailto:gauszka@hotmail.com">gauszka@hotmail.com</A>> =
wrote in=20
message <A=20
=
href=3D"news:4489d02a@w3.nls.net">news:4489d02a@w3.nls.net</A>...</DIV><B=
R><A=20
=
href=3D"http://news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041">http:=
//news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041</A><BR>Microsoft=20
said it wasn't feasible to make extensive changes to Windows=20
<BR>Explorer to eliminate a security vulnerability since the =
underlying=20
<BR>architecture of Windows 2000 is much less robust, wrote =
Christopher=20
Budd, a <BR>program manager with Microsoft's security response=20
center.<BR><BR><BR>"Due to these fundamental differences, these =
changes=20
would require <BR>reengineering a significant amount of a =
critical core=20
component of the <BR>operating system," Budd said.<BR><BR><BR>As =
a=20
result, applications may not run on the updated system, he=20
=
said.<BR><BR></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY><=
/HTML>
------=_NextPart_000_0044_01C68C1D.5B20BC10--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|