Microsoft got it wrong

To: "'Giovanni Campagnoli'" <bioia@xxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Microsoft got it wrong
From: "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 15 Oct 2003 16:51:29 -0400
Importance: Normal
In-reply-to: <20031015191009.44506.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Only last month in USA Today, Microsoft was claiming that Windows Messenger
didn't represent a security hazard:

   Pop-ups assail through Windows
   http://www.usatoday.com/tech/news/2003-09-24-popups_x.htm

   Microsoft views pop-up boxes as a benign nuisance 
   that does "not pose a security risk," says Greg Sullivan, 
   product manager for Windows. 

Looks like Microsoft crystal ball is pretty fuzzy.  Windows Messsenger is
just the sort of seldom-used feature that should be turned off by default in
Windows XP.

Richard M. Smith
http://www.ComputerBytesMan.com

-----Original Message-----
From: Giovanni Campagnoli [mailto:bioia@xxxxxxxxx] 
Sent: Wednesday, October 15, 2003 3:10 PM
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Microsoft Windows Security Bulletin Summary October

Microsoft Security Bulletin MS03-043 - Buffer Overrun
in Messenger Service Could Allow Code Execution
(828035)

Follow-Ups:
- Re: Microsoft got it wrong
  - From: T.A. Adjuster

References:
- Microsoft Windows Security Bulletin Summary October
  - From: Giovanni Campagnoli

Prev by Date: Microsoft Windows Security Bulletin Summary October
Next by Date: ColdFusion SQL Error Pages XSS
Previous by thread: Microsoft Windows Security Bulletin Summary October
Next by thread: Re: Microsoft got it wrong
Index(es):
- Date
- Thread