<<< Date Index >>>     <<< Thread Index >>>

Re: Office 10 applications & flashdrives can be used to browse restricted drives



Go back and read the original post.

Whether or NOT this is a true vulnerability....

"VENDOR RESPONSE
This issue was reported to Microsoft on Feb 11, 2005, acknowledged by
support, and as of today our best efforts to get a hotfix (or even a
commitment to produce a hotfix at some later date) have been fruitless. "

So let's see email sent 2/10 to secure@xxxxxxxxxxxxx [you did contact secure@ right?] and on 2/23 since you received no patch [13 days for patch testing...dude...get real] you blasted this to a listserve?

I emailed Sonny on the 23rd asking if he wanted a fast patch that broke stuff or a tested patch. He's yet to respond to me on that question.

"If" this is a issue, "If" it needs a patch, Sonny didn't even let a "Patch Tuesday" go by before blasting.

Whether or not you want to cut Microsoft some slack... there's a process of ethical and responsible disclosure that I would expect Sonny as a representative of a governmental agency would understand. He not only put his own government computers at risk but others in this disclosure, yes?

How about cutting us Admins some slack even if you "don't" cut Redmond some?

Susan






Jay D. Dyson wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 25 Feb 2005, Paul wrote:

Seriously, people, cut Microsoft some slack. They're doing the best they can.


Considering that Microsoft is a multi-billion dollar corporation, I cannot agree that it deserves any slack. If Microsoft can afford to sell software that leaves its customers at risk, it can afford to issue hotfixes to remedy the problems that it created. And I don't buy into the "get the Service Pack" argument after having dealt with the ridiculously FUBAR'd mess called SP2 for XP that went down last year.

Bottom line: Microsoft customers are paying gourmet prices for Redmond's products and are getting McDonald's quality for security.

- -Jay

  (    (                                                        _______
)) )) .-"There's always time for a good cup of coffee"-. >====<--. C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@xxxxxxxxxxxxx -----<) | = |-'
 `--' `--'  `-I just started World War III.  You're welcome.-'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQFCILLlBYoRACwSF0cRAmorAJwNfCme2RBnV6rrqGqTjHMH/2friwCeMZjH
OtuTdoBHOvXjZSg0kSOfHKE=
=ENFp
-----END PGP SIGNATURE-----


--
Chapter 4 of The Complete Patch Management Book: https://www.ecora.com/ecora/jump/pm149.asp

So why is it the only book on NT Event Logging is out of print?
http://tinyurl.com/3kwc2

And if you don't know about www.eventid.net You should!