| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4AB10B98.2030601@pacbell.net> Date: Wed, 16 Sep 2009 09:00:24 -0700 From: Susan Bradley <sbradcpa@...bell.net> To: Elizabeth.a.greene@...il.com Cc: bugtraq@...urityfocus.com Subject: Re: 3rd party patch for XP for MS09-048? Only if you are a consumer. In a network we ALL have listening ports out there. Elizabeth.a.greene@...il.com wrote: > As I understand the bulletin, Microsoft will not be releasing MS09-048 patches for XP because, by default, it runs no listening services or the windows firewall can protect it. > > Quoting http://www.microsoft.com/technet/security/bulletin/MS09-048.mspx > "If Windows XP is listed as an affected product, why is Microsoft not issuing an update for it? > By default, Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability. Windows XP Service Pack 2 and later operating systems include a stateful host firewall that provides protection for computers against incoming traffic from the Internet or from neighboring network devices on a private network. ... Customers running Windows XP are at reduced risk, and Microsoft recommends they use the firewall included with the operating system, or a network firewall, to block access to the affected ports and limit the attack surface from untrusted networks." > > -eg > >
Powered by blists - more mailing lists