[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3rd party patch for XP for MS09-048?

To: my.security.lists@xxxxxxxxx
Subject: Re: 3rd party patch for XP for MS09-048?
From: Susan Bradley <sbradcpa@xxxxxxxxxxx>
Date: Wed, 16 Sep 2009 12:48:56 -0700

Cloud option maybe as we go forward but right now today, this isbusiness making the decisions here.


Desktop, if it were that easy we'd have ripped out desktops years ago.

Businesses have to be realistic. Sometimes there is not "plenty ofcomparable alternatives out there".

Sometimes the boss/business needs/line of business apps dictates you runwindows.


Rob Thompson wrote:

Susan Bradley wrote:

Only if you are a consumer.  In a network we ALL have listening ports
out there.


This is simply Microsofts way of forcing you to upgrade your OS.  They
pulled the same shenanigans with Windows 2000, if you do not recall.

I'd have to say, it's time to re-evaluate where you are funneling your
$$$.  If the vendor that you PAID your hard earned dollars to is not
supporting their product like they said they would, then it's time to
move on.

There are plenty of alternatives out there.  No one says you _have_ to
run Windows.

Elizabeth.a.greene@xxxxxxxxx wrote:

As I understand the bulletin, Microsoft will not be releasing MS09-048
patches for XP because, by default, it runs no listening services or
the windows firewall can protect it.

Quoting http://www.microsoft.com/technet/security/bulletin/MS09-048.mspx
"If Windows XP is listed as an affected product, why is Microsoft not
issuing an update for it?
By default, Windows XP Service Pack 2, Windows XP Service Pack 3, and
Windows XP Professional x64 Edition Service Pack 2 do not have a
listening service configured in the client firewall and are therefore
not affected by this vulnerability. Windows XP Service Pack 2 and
later operating systems include a stateful host firewall that provides
protection for computers against incoming traffic from the Internet or
from neighboring network devices on a private network. ... Customers
running Windows XP are at reduced risk, and Microsoft recommends they
use the firewall included with the operating system, or a network
firewall, to block access to the affected ports and limit the attack
surface from untrusted networks."

-eg

References:
- Re: Re: 3rd party patch for XP for MS09-048?
  - From: Elizabeth . a . greene
- Re: 3rd party patch for XP for MS09-048?
  - From: Susan Bradley
- Re: 3rd party patch for XP for MS09-048?
  - From: Rob Thompson

Prev by Date: [USN-832-1] FreeRADIUS vulnerability
Next by Date: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
Previous by thread: Re: 3rd party patch for XP for MS09-048?
Next by thread: Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point
Index(es):
- Date
- Thread