Blog # 1067 The Catch-22 of XP Service Pack 2

(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version

The Catch-22 of XP Service Pack 2

Mon Aug 23 20:53:39 2004 The Catch-22 of XP Service Pack 2
Posted by Tony Lawrence
Search Keys: microsoft,security
Referencing: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2aumng.mspx

I hope that the brewing trouble around this service pack hasn't escaped your attention. It's important to understand that this patch WILL break many programs. On the other hand, it fixes some truly awful security holes.

So what do you do? I have clients who have been told by their application vendor NOT to install this. So their choice is either remain vulnerable to the various problems that this addresses, or be unable to use the software their business depends upon. Some choice.

Microsoft richly deserves the pain they will suffer from this debacle.

Click here to add your comments

Gates, Ballmer and company can't engineer in good security. So like a leaky roof on a sleazy shack, they madly nail on shingles to fix the leaks, hoping that none of the nails penetrate the plumbing, wiring and the heads of the people living inside. Sheesh! It's almost enough to make you wish for the days of CP/M.

--BigDumbDinosaur

Gates, Ballmer and company can't engineer in good security. So like a leaky roof on a sleazy shack, they madly nail on shingles to fix the leaks, hoping that none of the nails penetrates the plumbing, wiring and the heads of the people living inside. Sheesh! It's almost enough to make you wish for the days of CP/M.

--BigDumbDinosaur

---August 24, 2004

Oh, ya. Last week I read a new advisory on a published exploit for Internet Explorer were you could get malicious code to execute buy tricking the user to drag and drop a file onto their desktop (it's not the one were you drag a image into the cmd.exe window). However it could be modified to operate under a single click.

If affected all versions of IE on WinXP, even with SP2 installed. So they didn't fix everything that needed to be fixed anyways.

http://secunia.com/advisories/12321/

Luckily for MS Firefox came along when it did. But IE is part Explorer shell and since that software and it's libraries makes up a big hunk of Windows it means similar flaws could exist elsewere.

--Drag

Gates, Ballmer and company can't engineer in good security. So like a leaky roof on a sleazy shack, they madly nail on shingles to fix the leaks, hoping that none of the nails penetrates the plumbing, wiring and the heads of the people living inside. Sheesh! It's almost enough to make you wish for the days of CP/M.

--BigDumbDinosaur

---August 24, 2004

Oh, ya. Last week I read a new advisory on a published exploit for Internet Explorer were you could get malicious code to execute buy tricking the user to drag and drop a file onto their desktop (it's not the one were you drag a image into the cmd.exe window). However it could be modified to operate under a single click.

If affected all versions of IE on WinXP, even with SP2 installed. So they didn't fix everything that needed to be fixed anyways.

http://secunia.com/advisories/12321/

Luckily for MS Firefox came along when it did. But IE is part Explorer shell and since that software and it's libraries makes up a big hunk of Windows it means similar flaws could exist elsewere.

--Drag

---August 24, 2004

Could?

:-)

Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar

Why no "Digg this!" etc.?

Macworld Mac Security Superguide $9.99

Printer Friendly Version

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.

Printer Friendly Version

book graphic unix and linux troubleshooting guide

My Troubleshooting E-Book will show you how to solve tough problems on Linux and Unix systems!

I sell and support
Kerio Mail server

More:

- Security

- Microsoft

- Blog

- Microsoft

Unix/Linux Consultants

Skills Tests

Guest Post Here

My Favorites