Comments on: Microsoft to Issue Emergency Patch for Critical Windows Bug http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/ In-depth security news and investigation Wed, 23 May 2012 21:31:36 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: xAdmin http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/comment-page-1/#comment-7925 xAdmin Tue, 03 Aug 2010 01:29:58 +0000 http://krebsonsecurity.com/?p=4279#comment-7925 Hi Mark, I wouldn't count on it. XP SP 2 support has expired. Like I said, XP SP3 has been out for over two years. There has been plenty of time to upgrade to it. There may have been some confusion on XP SP 2 support: "In Microsoft’s August 2010 OOB Security Bulletin Release webcast today, they said that the support for XP SP2 was a typo and it is going to be corrected on the website." From comment at ISC SANS: http://isc.sans.edu/diary.html?storyid=9313 Hi Mark,

I wouldn’t count on it. XP SP 2 support has expired. Like I said, XP SP3 has been out for over two years. There has been plenty of time to upgrade to it.

There may have been some confusion on XP SP 2 support:

“In Microsoft’s August 2010 OOB Security Bulletin Release webcast today, they said that the support for XP SP2 was a typo and it is going to be corrected on the website.”

From comment at ISC SANS:
http://isc.sans.edu/diary.html?storyid=9313

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: Mark Ratledge http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/comment-page-1/#comment-7923 Mark Ratledge Tue, 03 Aug 2010 01:04:52 +0000 http://krebsonsecurity.com/?p=4279#comment-7923 Might even be exploit kits released just for SP2. But I think there's a chance MS will change its stance and issue a patch just for SP2 on a patch Tuesday or sooner. Might even be exploit kits released just for SP2. But I think there’s a chance MS will change its stance and issue a patch just for SP2 on a patch Tuesday or sooner.

Like or Dislike: Thumb up 1 Thumb down 0
]]> By: xAdmin http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/comment-page-1/#comment-7918 xAdmin Mon, 02 Aug 2010 23:27:26 +0000 http://krebsonsecurity.com/?p=4279#comment-7918 Bob, you're a day late and dollar short! ;) Patch for Critical Windows Flaw Available http://krebsonsecurity.com/2010/08/patch-for-critical-windows-flaw-available/ http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx I've patched two personal systems, no issues to speak of. Time will tell, but so far, no problems on the radar from the patch. :) Bob, you’re a day late and dollar short! ;)

Patch for Critical Windows Flaw Available
http://krebsonsecurity.com/2010/08/patch-for-critical-windows-flaw-available/

http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx

I’ve patched two personal systems, no issues to speak of. Time will tell, but so far, no problems on the radar from the patch. :)

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: Bob Primak http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/comment-page-1/#comment-7912 Bob Primak Mon, 02 Aug 2010 21:44:52 +0000 http://krebsonsecurity.com/?p=4279#comment-7912 There are workarounds until the Microsoft patch is released, which will not break all your shortcuts but which will offer varying degrees of protection. Infoworld.com's News story covering two workarounds, one from G-Data, and the other from Sophos, is here: http://www.infoworld.com/d/security-central/g-data-releases-tool-block-windows-shortcut-attacks-841 On my Windows XP Pro laptop, the Sophos solution conflicted with the Comodo Firewall's Security Policies, causing a Blue Screen of Death, so I had to settle for the G-Data solution there. On my Wiondows 7 Home Premium 64-bit laptop, there are no Security Policies or Group Policies, and there the Sophos solution is working just fine. So be aware that there are temporary fixes which are less severe than the Microsoft Fixit, and that depending on your OS version and installed software, you may have to try a couple of different mitigations before you find on which works and doesn't break too many other things. And come Monday, remove all your interim fixes and apply the real patch from Microsoft -- and expect the patch to break many things. This is the price we will pay for awhile, since the affected parts of Windows are so fundamental and have such wide-reaching uses inside of Windows. There are workarounds until the Microsoft patch is released, which will not break all your shortcuts but which will offer varying degrees of protection. Infoworld.com’s News story covering two workarounds, one from G-Data, and the other from Sophos, is here:

http://www.infoworld.com/d/security-central/g-data-releases-tool-block-windows-shortcut-attacks-841

On my Windows XP Pro laptop, the Sophos solution conflicted with the Comodo Firewall’s Security Policies, causing a Blue Screen of Death, so I had to settle for the G-Data solution there. On my Wiondows 7 Home Premium 64-bit laptop, there are no Security Policies or Group Policies, and there the Sophos solution is working just fine.

So be aware that there are temporary fixes which are less severe than the Microsoft Fixit, and that depending on your OS version and installed software, you may have to try a couple of different mitigations before you find on which works and doesn’t break too many other things.

And come Monday, remove all your interim fixes and apply the real patch from Microsoft — and expect the patch to break many things. This is the price we will pay for awhile, since the affected parts of Windows are so fundamental and have such wide-reaching uses inside of Windows.

Like or Dislike: Thumb up 0 Thumb down 3
]]> By: xAdmin http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/comment-page-1/#comment-7889 xAdmin Mon, 02 Aug 2010 15:27:55 +0000 http://krebsonsecurity.com/?p=4279#comment-7889 XP Service Pack 3 was released over two years ago! I would think that's plenty of time to evaluate whether or not it can be installed on a system. Windows XP itself is nine years old! That's a lifetime in software. It's surprising that Microsoft even supports it anymore! (Support for Windows 2000 just ended, an even older OS). Suffice it to say that Microsoft supports some of their software much longer than most would expect. A great part of it is many major businesses still use these older products (we still use Windows XP where I work, a large enterprise). The fact Windows XP (with SP3) will be supported until 2014 speaks to the success and continued use of that OS (some would say it was and is Microsoft’s best OS ever). Myself, I have NO plans on migrating off Windows XP as it does what I need to the T and I know it like the back of my hand! That and I absolutely hate the new taskbar and other interface re-designs of Windows 7! (I don’t like the road Microsoft is going down with these re-designs that look more and more like OS X, if I wanted that type of OS, I’d buy a Mac!) See the "Support Lifecycle" section for more info at: http://en.wikipedia.org/wiki/Windows_XP

XP Service Pack 3 was released over two years ago! I would think that’s plenty of time to evaluate whether or not it can be installed on a system.

Windows XP itself is nine years old! That’s a lifetime in software. It’s surprising that Microsoft even supports it anymore! (Support for Windows 2000 just ended, an even older OS).

Suffice it to say that Microsoft supports some of their software much longer than most would expect. A great part of it is many major businesses still use these older products (we still use Windows XP where I work, a large enterprise). The fact Windows XP (with SP3) will be supported until 2014 speaks to the success and continued use of that OS (some would say it was and is Microsoft’s best OS ever).

Myself, I have NO plans on migrating off Windows XP as it does what I need to the T and I know it like the back of my hand! That and I absolutely hate the new taskbar and other interface re-designs of Windows 7! (I don’t like the road Microsoft is going down with these re-designs that look more and more like OS X, if I wanted that type of OS, I’d buy a Mac!)

See the “Support Lifecycle” section for more info at:
http://en.wikipedia.org/wiki/Windows_XP

Well-loved. Like or Dislike: Thumb up 4 Thumb down 0
]]> By: BrianKrebs http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/comment-page-1/#comment-7886 BrianKrebs Mon, 02 Aug 2010 13:36:16 +0000 http://krebsonsecurity.com/?p=4279#comment-7886 I think you know the answer to your own question, Mark. No, xp/SP2 boxes can no longer download security updates, so they will need to have migrated to Service Pack 3. It's not like this was announced just yesterday. I would imagine that XP2 boxes WILL be targeted by this, as well as by many other new exploits to come. It just stands to reason. I think you know the answer to your own question, Mark. No, xp/SP2 boxes can no longer download security updates, so they will need to have migrated to Service Pack 3. It’s not like this was announced just yesterday.

I would imagine that XP2 boxes WILL be targeted by this, as well as by many other new exploits to come. It just stands to reason.

Like or Dislike: Thumb up 4 Thumb down 1
]]> By: Mark Ratledge http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/comment-page-1/#comment-7885 Mark Ratledge Mon, 02 Aug 2010 13:31:32 +0000 http://krebsonsecurity.com/?p=4279#comment-7885 What about SP2 boxes? Microsoft ended security support for SP2 right before this vulnerability was acknowledged. How many SP2 boxes are still out there? And, will SP2 boxes be targeted now? What about SP2 boxes? Microsoft ended security support for SP2 right before this vulnerability was acknowledged. How many SP2 boxes are still out there? And, will SP2 boxes be targeted now?

Like or Dislike: Thumb up 1 Thumb down 1
]]> By: bart http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/comment-page-1/#comment-7878 bart Mon, 02 Aug 2010 02:33:07 +0000 http://krebsonsecurity.com/?p=4279#comment-7878 "another bug open for years, just like the many remote exploits being patched through the years. anyone who trusts windows should not be trusted with data of any value, nor should they as a human be trusted with any of your conversation, they have demonstrated they lack the knowledge of securing their data, you cannot trust them to secure yours. a formal poll on the % of gossipers in the windows camp VS the *nix world with honest answers would be even more telling. vote me down, windows users, you’re too predictable." The truth, I don't know what is worse, Windows, Windows developers, or Windows users. “another bug open for years, just like the many remote exploits being patched through the years. anyone who trusts windows should not be trusted with data of any value, nor should they as a human be trusted with any of your conversation, they have demonstrated they lack the knowledge of securing their data, you cannot trust them to secure yours. a formal poll on the % of gossipers in the windows camp VS the *nix world with honest answers would be even more telling.

vote me down, windows users, you’re too predictable.”

The truth, I don’t know what is worse, Windows, Windows developers, or Windows users.

Like or Dislike: Thumb up 0 Thumb down 2
]]> By: neo http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/comment-page-1/#comment-7877 neo Mon, 02 Aug 2010 00:52:43 +0000 http://krebsonsecurity.com/?p=4279#comment-7877 another bug open for years, just like the many remote exploits being patched through the years. anyone who trusts windows should not be trusted with data of any value, nor should they as a human be trusted with any of your conversation, they have demonstrated they lack the knowledge of securing their data, you cannot trust them to secure yours. a formal poll on the % of gossipers in the windows camp VS the *nix world with honest answers would be even more telling. vote me down, windows users, you're too predictable. Hidden due to low comment rating. Click here to see.

Poorly-rated. Like or Dislike: Thumb up 6 Thumb down 14
]]> By: xAdmin http://krebsonsecurity.com/2010/07/microsoft-to-issue-emergency-patch-for-critical-windows-bug/comment-page-1/#comment-7873 xAdmin Sun, 01 Aug 2010 18:16:22 +0000 http://krebsonsecurity.com/?p=4279#comment-7873 The comment linked below makes some very good points :) (from site linked by Brian regarding, "pundits fixated on the notion that this was proof that other countries were planning cyber attacks": http://volokh.com/2010/07/18/proof-that-other-countries-are-planning-cyberattacks-on-the-power-grid/#comment-883042 The comment linked below makes some very good points :) (from site linked by Brian regarding, “pundits fixated on the notion that this was proof that other countries were planning cyber attacks”:

http://volokh.com/2010/07/18/proof-that-other-countries-are-planning-cyberattacks-on-the-power-grid/#comment-883042

Like or Dislike: Thumb up 3 Thumb down 0
]]>