lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 16 Sep 2009 12:48:56 -0700
From: Susan Bradley <sbradcpa@...bell.net>
To: my.security.lists@...il.com
Cc: Elizabeth.a.greene@...il.com, bugtraq@...urityfocus.com
Subject: Re: 3rd party patch for XP for MS09-048?

Cloud option maybe as we go forward but right now today, this is 
business making the decisions here.

Desktop, if it were that easy we'd have ripped out desktops years ago.

Businesses have to be realistic.  Sometimes there is not "plenty of 
comparable alternatives out there".

Sometimes the boss/business needs/line of business apps dictates you run 
windows.

Rob Thompson wrote:
> Susan Bradley wrote:
>   
>> Only if you are a consumer.  In a network we ALL have listening ports
>> out there.
>>     
>
> This is simply Microsofts way of forcing you to upgrade your OS.  They
> pulled the same shenanigans with Windows 2000, if you do not recall.
>
> I'd have to say, it's time to re-evaluate where you are funneling your
> $$$.  If the vendor that you PAID your hard earned dollars to is not
> supporting their product like they said they would, then it's time to
> move on.
>
> There are plenty of alternatives out there.  No one says you _have_ to
> run Windows.
>
>   
>> Elizabeth.a.greene@...il.com wrote:
>>     
>>> As I understand the bulletin, Microsoft will not be releasing MS09-048
>>> patches for XP because, by default, it runs no listening services or
>>> the windows firewall can protect it.
>>>
>>> Quoting http://www.microsoft.com/technet/security/bulletin/MS09-048.mspx
>>> "If Windows XP is listed as an affected product, why is Microsoft not
>>> issuing an update for it?
>>> By default, Windows XP Service Pack 2, Windows XP Service Pack 3, and
>>> Windows XP Professional x64 Edition Service Pack 2 do not have a
>>> listening service configured in the client firewall and are therefore
>>> not affected by this vulnerability. Windows XP Service Pack 2 and
>>> later operating systems include a stateful host firewall that provides
>>> protection for computers against incoming traffic from the Internet or
>>> from neighboring network devices on a private network. ... Customers
>>> running Windows XP are at reduced risk, and Microsoft recommends they
>>> use the firewall included with the operating system, or a network
>>> firewall, to block access to the affected ports and limit the attack
>>> surface from untrusted networks."
>>>
>>> -eg
>>>
>>>   
>>>       
>>     
>
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ