Comments on: Windows 7: Released with known critical bug http://www.news.software.coop/windows-7-released-with-known-critical-bug/807/ Updates seen at the co-operative for Software Mon, 28 Jun 2010 11:51:45 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Jon http://www.news.software.coop/windows-7-released-with-known-critical-bug/807/comment-page-1/#comment-16836 Jon Fri, 30 Oct 2009 15:32:05 +0000 http://www.news.software.coop/?p=807#comment-16836 It's not clear whether this bug is exploitable with a factor-default windows 7 configuration, or whether the user must first turn on file/printer sharing and/or mark a directory as shared. I think that has a bearing on how critical this bug is. It’s not clear whether this bug is exploitable with a factor-default windows 7 configuration, or whether the user must first turn on file/printer sharing and/or mark a directory as shared. I think that has a bearing on how critical this bug is.

]]> By: Simon Waters http://www.news.software.coop/windows-7-released-with-known-critical-bug/807/comment-page-1/#comment-16755 Simon Waters Thu, 29 Oct 2009 17:47:59 +0000 http://www.news.software.coop/?p=807#comment-16755 I think the confusion is there are so many vulnerabilities in the SMB2 protocol stack that it is hard to keep track of them. Microsoft fixed 3 issues in MS09-050 which were critical or important on all relevant platforms. But this is a critical SMB vulnerability that wasn't fixed in MS09-050 as the article linked to explains. From a practical perspective it is mostly irrelevant, in that anyone exposing protocols like SMB that are intended for office users, hasn't got the idea of minimizing the exposed services. Although viruses could exploit some of these to spread within a network once in, most of these are DoS issues. Such a large number of vulnerabilities being discovered before release, does suggest that Microsoft coding practices are not exceeding industry standards. The bigger story here is that they aren't patching quickly when they know of issues, and they aren't backporting to "supported" operating systems quickly. I think the confusion is there are so many vulnerabilities in the SMB2 protocol stack that it is hard to keep track of them.

Microsoft fixed 3 issues in MS09-050 which were critical or important on all relevant platforms.

But this is a critical SMB vulnerability that wasn’t fixed in MS09-050 as the article linked to explains.

From a practical perspective it is mostly irrelevant, in that anyone exposing protocols like SMB that are intended for office users, hasn’t got the idea of minimizing the exposed services. Although viruses could exploit some of these to spread within a network once in, most of these are DoS issues.

Such a large number of vulnerabilities being discovered before release, does suggest that Microsoft coding practices are not exceeding industry standards. The bigger story here is that they aren’t patching quickly when they know of issues, and they aren’t backporting to “supported” operating systems quickly.

]]> By: MJ Ray http://www.news.software.coop/windows-7-released-with-known-critical-bug/807/comment-page-1/#comment-16730 MJ Ray Thu, 29 Oct 2009 10:21:21 +0000 http://www.news.software.coop/?p=807#comment-16730 starting to? ;-) This isn't a new thing for me. Three of the cooperative principles are "education, training and information", "cooperation among cooperatives" and "concern for community". http://www.ica.coop/coop/principles.html#5 - I'm concerned that the co-op community may sleepwalk into Windows 7, so let's get some educational information about the alternatives out there. starting to? ;-) This isn’t a new thing for me. Three of the cooperative principles are “education, training and information”, “cooperation among cooperatives” and “concern for community”. http://www.ica.coop/coop/principles.html#5 – I’m concerned that the co-op community may sleepwalk into Windows 7, so let’s get some educational information about the alternatives out there.

]]> By: btw http://www.news.software.coop/windows-7-released-with-known-critical-bug/807/comment-page-1/#comment-16686 btw Wed, 28 Oct 2009 18:55:18 +0000 http://www.news.software.coop/?p=807#comment-16686 you're starting to sound like an annoying evangelical. you’re starting to sound like an annoying evangelical.

]]> By: MJ Ray http://www.news.software.coop/windows-7-released-with-known-critical-bug/807/comment-page-1/#comment-16661 MJ Ray Wed, 28 Oct 2009 12:50:12 +0000 http://www.news.software.coop/?p=807#comment-16661 in Windows 7? Got link? If so, why hasn't anyone told cert-bund.de yet? in Windows 7? Got link? If so, why hasn’t anyone told cert-bund.de yet?

]]> By: Alphager http://www.news.software.coop/windows-7-released-with-known-critical-bug/807/comment-page-1/#comment-16654 Alphager Wed, 28 Oct 2009 10:02:29 +0000 http://www.news.software.coop/?p=807#comment-16654 The SMB2-Vulnerability was fixed two weeks ago... The SMB2-Vulnerability was fixed two weeks ago…

]]> By: MJ Ray (mjray) 's status on Wednesday, 28-Oct-09 07:06:33 UTC - Identi.ca http://www.news.software.coop/windows-7-released-with-known-critical-bug/807/comment-page-1/#comment-16647 MJ Ray (mjray) 's status on Wednesday, 28-Oct-09 07:06:33 UTC - Identi.ca Wed, 28 Oct 2009 07:06:39 +0000 http://www.news.software.coop/?p=807#comment-16647 [...] Published Windows 7: Released with known critical bug http://www.news.software.coop/windows-7-released-with-known-critical-bug/807/ [...] [...] Published Windows 7: Released with known critical bug http://www.news.software.coop/windows-7-released-with-known-critical-bug/807/ [...]

]]>