Forwarded from: McDonald Patrick <mcdonald_patrick_at_bah.com>
I don't have an issue with how long Microsoft took to issue. I have
an issue with Microsoft not notifying their customers. How many people
could have been exploited and never known? Microsoft could have taken
their sweet time as long as they advised the consumer on how to protect
themselves until the patch was loaded.
Pat
-----Original Message-----
From: owner-isn_at_attrition.org [mailto:owner-isn_at_attrition.org] On Behalf Of InfoSec News
Sent: Thursday, December 27, 2001 11:12 PM
To: isn_at_attrition.org
Subject: [ISN] PATCH DELAY? Buffer Overflow in UPnP Service On Microsoft
Windows
Forwarded from: mrs_aida_capistrano_at_hushmail.com
Cc: marc_at_eeye.com
-----BEGIN PGP SIGNED MESSAGE-----
Hi there,
I posted this to the main security lists today, but no one seems interested.
Chris at vulnwatch.org suggested I send it to attrition and I am copying Marc,
in case he wishes to verify this chain of events or not. One can never tell
if Microsoft is telling the truth or not :-(
Dear Ladies and Gentlemen,
The following official statement was published in a Microsoft news group on
the 26th of December 2001 when many participants queried why it took nearly
two months for a patch to be developed to address the Buffer Overflow in
UPnP Service On Microsoft Windows
http://www.eeye.com/html/Research/Advisories/AD20011220.html
http://www.microsoft.com/technet/security/bulletin/MS01-059.asp
It does not explain why these defective goods continued to ship for the
Christmas sales season but might be of interest to people on these security
mailing lists:
direct link to news article on the server:
news://news.microsoft.com/#qAgniljBHA.2260@tkmsftngp07
<squirt>
[...]
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo_at_attrition.org with 'unsubscribe isn' in the BODY
of the mail.
Received on Dec 29 2001