[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <605f8e050909151349p355aac4fr598fdaa5f0db607e@mail.gmail.com>
Date: Tue, 15 Sep 2009 16:49:55 -0400
From: Jeffrey Walton <noloader@...il.com>
To: nowhere@...null.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: 3rd party patch for XP for MS09-048?
Hi Aras,
> Given that M$ has officially shot-down all current Windows XP users by not
> issuing a patch for a DoS level issue,
Can you cite a reference?
Unless Microsoft has changed their end of life policy [1], XP should
be patched for security vulnerabilities until about 2014. Both XP Home
and XP Pro's mainstream support ended in 4/2009, but extended support
ends in 4/2014 [2]. Given that we know the end of extended support,
take a look at bullet 17 of [1]:
17. What is the Security Update policy?
Security updates will be available through the end of the Extended
Support phase (five years of Mainstream Support plus five years of
the Extended Support) at no additional cost for most products.
Security updates will be posted on the Microsoft Update Web site
during both the Mainstream and the Extended Support phase.
> I realize some of you might be tempted to relay the M$ BS about "not being
> feasible because it's a lot of work" rhetoric...
Not at all.
Jeff
[1] http://support.microsoft.com/gp/lifepolicy
[2] http://support.microsoft.com/gp/lifeselect
On Tue, Sep 15, 2009 at 2:46 PM, Aras "Russ" Memisyazici
<nowhere@...null.com> wrote:
> Hello All:
>
> Given that M$ has officially shot-down all current Windows XP users by not
> issuing a patch for a DoS level issue, I'm now curious to find out whether
> or not any brave souls out there are already working or willing to work on
> an open-source patch to remediate the issue within XP.
>
> I realize some of you might be tempted to relay the M$ BS about "not being
> feasible because it's a lot of work" rhetoric... I would just like to hear
> the thoughts of the true experts subscribed to these lists :)
>
> No harm in that is there?
>
> Aras "Russ" Memisyazici
> Systems Administrator
> Virginia Tech
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists