Microsoft patch opens users to attack

Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer, actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative update to
Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according to
Marc Maiffret, chief hacking officer for the security firm, which notified
Microsoft last week that the issue is exploitable."

http://www.securityfocus.com/news/11408?ref=rss

--Imhotep

Re: Microsoft patch opens users to attack

Old news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported OS config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.

On Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.
http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
http://support.microsoft.com/kb/923762/

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full info,
would not have been mislead in thinking this systemic to more OS/IE
combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.

Roger



"imhotep" wrote in message
news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
> Microsoft patch opens users to attack
>
> "The flaw, initially thought to only crash Internet Explorer, actually
> allows an attacker to run code on computers running Windows 2000 and
> Windows XP Service Pack 1 that have applied the August cumulative update
> to
> Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
> told SecurityFocus on Tuesday. The update, released on August 8, fixed
> eight security holes but also introduced a bug of its own, according to
> Marc Maiffret, chief hacking officer for the security firm, which notified
> Microsoft last week that the issue is exploitable."
>
> http://www.securityfocus.com/news/11408?ref=rss
>
> --Imhotep

Re: Microsoft patch opens users to attack

Well, guess I better get with the program . . .
http://support.microsoft.com/?kbid=918899
was again updated later Aug 23 and now shows that for
http://support.microsoft.com/kb/923762/
the issue some are reporting as (potentially) exploitable,
IE 6 Sp1 without statement limiting to OS is impacted.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"Roger Abell [MVP]" wrote in message
news:e9k%23Bf4xGHA.3492@TK2MSFTNGP02.phx.gbl...
> Old news, and as mentioned in a number of prior threads, MS initially
> anticipated releasing updated patch on Aug 22 for W2k Sp4 running
> IE 6 Sp 1, which is the only currently supported OS config impacted
> (i.e. update a vulnerable XP to SP2 to become immune to this).
>
> Again, your provided quote does not make clear that only W2k Sp4
> is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
> that anyone running XP at Sp1 is missing a number of patches (not
> released for Sp1) making this issue relatively unimportant for them.
>
> On Aug 22 the bulletin and KB were updated to advise that issues had
> been found requiring further quality assurance time.
> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
> http://support.microsoft.com/kb/923762/
>
> If you would provide links to the primary information sources rather
> than only quotes of third-party digests, people would have the full info,
> would not have been mislead in thinking this systemic to more OS/IE
> combos, people would have had access to recommendations on what
> to do and that the patch update is "on the way", and I would not have
> needed to correct this.
>
> Roger
>
>
>
> "imhotep" wrote in message
> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>> Microsoft patch opens users to attack
>>
>> "The flaw, initially thought to only crash Internet Explorer, actually
>> allows an attacker to run code on computers running Windows 2000 and
>> Windows XP Service Pack 1 that have applied the August cumulative update
>> to
>> Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
>> told SecurityFocus on Tuesday. The update, released on August 8, fixed
>> eight security holes but also introduced a bug of its own, according to
>> Marc Maiffret, chief hacking officer for the security firm, which
>> notified
>> Microsoft last week that the issue is exploitable."
>>
>> http://www.securityfocus.com/news/11408?ref=rss
>>
>> --Imhotep
>
>

Re: Microsoft patch opens users to attack

Roger Abell [MVP] wrote:
> Old news, and as mentioned in a number of prior threads, MS initially
> anticipated releasing updated patch on Aug 22 for W2k Sp4 running
> IE 6 Sp 1, which is the only currently supported OS config impacted
> (i.e. update a vulnerable XP to SP2 to become immune to this).
>
> Again, your provided quote does not make clear that only W2k Sp4
> is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
> that anyone running XP at Sp1 is missing a number of patches (not
> released for Sp1) making this issue relatively unimportant for them.
>
> On Aug 22 the bulletin and KB were updated to advise that issues had
> been found requiring further quality assurance time.
> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
> http://support.microsoft.com/kb/923762/
>
> If you would provide links to the primary information sources rather
> than only quotes of third-party digests, people would have the full info,
> would not have been mislead in thinking this systemic to more OS/IE
> combos, people would have had access to recommendations on what
> to do and that the patch update is "on the way", and I would not have
> needed to correct this.
>
> Roger
>
>
>
> "imhotep" wrote in message
> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>> Microsoft patch opens users to attack
>>
>> "The flaw, initially thought to only crash Internet Explorer, actually
>> allows an attacker to run code on computers running Windows 2000 and
>> Windows XP Service Pack 1 that have applied the August cumulative update
>> to
>> Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
>> told SecurityFocus on Tuesday. The update, released on August 8, fixed
>> eight security holes but also introduced a bug of its own, according to
>> Marc Maiffret, chief hacking officer for the security firm, which notified
>> Microsoft last week that the issue is exploitable."
>>
>> http://www.securityfocus.com/news/11408?ref=rss
>>
>> --Imhotep
>
>

was already post as re-releasing MS06-042 Tuesday, August 22
with citation to MS site itself

Re: Microsoft patch opens users to attack

"Jeff B" wrote in message
news:6d-dnWszHZOCRXDZnZ2dnUVZ_vudnZ2d@adelphia.com...
> Roger Abell [MVP] wrote:
>> Old news, and as mentioned in a number of prior threads, MS initially
>> anticipated releasing updated patch on Aug 22 for W2k Sp4 running
>> IE 6 Sp 1, which is the only currently supported OS config impacted
>> (i.e. update a vulnerable XP to SP2 to become immune to this).
>>
>> Again, your provided quote does not make clear that only W2k Sp4
>> is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
>> that anyone running XP at Sp1 is missing a number of patches (not
>> released for Sp1) making this issue relatively unimportant for them.
>>
>> On Aug 22 the bulletin and KB were updated to advise that issues had
>> been found requiring further quality assurance time.
>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>> http://support.microsoft.com/kb/923762/
>>
>> If you would provide links to the primary information sources rather
>> than only quotes of third-party digests, people would have the full info,
>> would not have been mislead in thinking this systemic to more OS/IE
>> combos, people would have had access to recommendations on what
>> to do and that the patch update is "on the way", and I would not have
>> needed to correct this.
>>
>> Roger
>>
>>
>>
>> "imhotep" wrote in message
>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>> Microsoft patch opens users to attack
>>>
>>> "The flaw, initially thought to only crash Internet Explorer, actually
>>> allows an attacker to run code on computers running Windows 2000 and
>>> Windows XP Service Pack 1 that have applied the August cumulative update
>>> to
>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
>>> told SecurityFocus on Tuesday. The update, released on August 8, fixed
>>> eight security holes but also introduced a bug of its own, according to
>>> Marc Maiffret, chief hacking officer for the security firm, which
>>> notified
>>> Microsoft last week that the issue is exploitable."
>>>
>>> http://www.securityfocus.com/news/11408?ref=rss
>>>
>>> --Imhotep
>>
>>
>
> was already post as re-releasing MS06-042 Tuesday, August 22
> with citation to MS site itself

well yes, but the rerelease did not happen until midday today

Re: Microsoft patch opens users to attack

Roger Abell [MVP] wrote:

> Old news, and as mentioned in a number of prior threads, MS initially
> anticipated releasing updated patch on Aug 22 for W2k Sp4 running
> IE 6 Sp 1, which is the only currently supported OS config impacted
> (i.e. update a vulnerable XP to SP2 to become immune to this).
>
> Again, your provided quote does not make clear that only W2k Sp4
> is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
> that anyone running XP at Sp1 is missing a number of patches (not
> released for Sp1) making this issue relatively unimportant for them.

Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
Now, without debating if those users should/should not install SP2, the
fact of the matter here was that the patch made them vulnerable....


> On Aug 22 the bulletin and KB were updated to advise that issues had
> been found requiring further quality assurance time.
> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
> http://support.microsoft.com/kb/923762/
>
> If you would provide links to the primary information sources rather
> than only quotes of third-party digests, people would have the full info,
> would not have been mislead in thinking this systemic to more OS/IE
> combos, people would have had access to recommendations on what
> to do and that the patch update is "on the way", and I would not have
> needed to correct this.

BS!!! Re-read my post and you will see the quote:

"...running Windows 2000 and Windows XP Service Pack 1..."

It is clearly represented. You just do not like slashdot but are not brave
enough to admit it...

Imhotep


> Roger
>
>
>
> "imhotep" wrote in message
> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>> Microsoft patch opens users to attack
>>
>> "The flaw, initially thought to only crash Internet Explorer, actually
>> allows an attacker to run code on computers running Windows 2000 and
>> Windows XP Service Pack 1 that have applied the August cumulative update
>> to
>> Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
>> told SecurityFocus on Tuesday. The update, released on August 8, fixed
>> eight security holes but also introduced a bug of its own, according to
>> Marc Maiffret, chief hacking officer for the security firm, which
>> notified Microsoft last week that the issue is exploitable."
>>
>> http://www.securityfocus.com/news/11408?ref=rss
>>
>> --Imhotep

Re: Microsoft patch opens users to attack

Roger Abell [MVP] wrote:

> Well, guess I better get with the program . . .
> http://support.microsoft.com/?kbid=918899
> was again updated later Aug 23 and now shows that for
> http://support.microsoft.com/kb/923762/
> the issue some are reporting as (potentially) exploitable,
> IE 6 Sp1 without statement limiting to OS is impacted.
>


Is that an apology?

-- Imhotep

Re: Microsoft patch opens users to attack

"imhotep" wrote in message
news:YvidnVFkya3H5HLZnZ2dnUVZ_qudnZ2d@adelphia.com...
> Roger Abell [MVP] wrote:
>
>> Well, guess I better get with the program . . .
>> http://support.microsoft.com/?kbid=918899
>> was again updated later Aug 23 and now shows that for
>> http://support.microsoft.com/kb/923762/
>> the issue some are reporting as (potentially) exploitable,
>> IE 6 Sp1 without statement limiting to OS is impacted.
>>
>
>
> Is that an apology?
>

No.

An update.

Re: Microsoft patch opens users to attack

"imhotep" wrote in message
news:evydnY1L3quB5HLZnZ2dnUVZ_sednZ2d@adelphia.com...
> Roger Abell [MVP] wrote:
>
>> Old news, and as mentioned in a number of prior threads, MS initially
>> anticipated releasing updated patch on Aug 22 for W2k Sp4 running
>> IE 6 Sp 1, which is the only currently supported OS config impacted
>> (i.e. update a vulnerable XP to SP2 to become immune to this).
>>
>> Again, your provided quote does not make clear that only W2k Sp4
>> is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
>> that anyone running XP at Sp1 is missing a number of patches (not
>> released for Sp1) making this issue relatively unimportant for them.
>
> Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
> Now, without debating if those users should/should not install SP2, the
> fact of the matter here was that the patch made them vulnerable....
>
>
>> On Aug 22 the bulletin and KB were updated to advise that issues had
>> been found requiring further quality assurance time.
>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>> http://support.microsoft.com/kb/923762/
>>
>> If you would provide links to the primary information sources rather
>> than only quotes of third-party digests, people would have the full info,
>> would not have been mislead in thinking this systemic to more OS/IE
>> combos, people would have had access to recommendations on what
>> to do and that the patch update is "on the way", and I would not have
>> needed to correct this.
>
> BS!!! Re-read my post and you will see the quote:
>
> "...running Windows 2000 and Windows XP Service Pack 1..."
>
> It is clearly represented. You just do not like slashdot but are not brave
> enough to admit it...
>
> Imhotep
>
>
>> Roger
>>
>>
>>
>> "imhotep" wrote in message
>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>> Microsoft patch opens users to attack
>>>
>>> "The flaw, initially thought to only crash Internet Explorer, actually
>>> allows an attacker to run code on computers running Windows 2000 and
>>> Windows XP Service Pack 1 that have applied the August cumulative update
>>> to
>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
>>> told SecurityFocus on Tuesday. The update, released on August 8, fixed
>>> eight security holes but also introduced a bug of its own, according to
>>> Marc Maiffret, chief hacking officer for the security firm, which
>>> notified Microsoft last week that the issue is exploitable."
>>>
>>> http://www.securityfocus.com/news/11408?ref=rss
>>>


No clue about what it is you attempt to discuss.

However, my comments were, at least where you appear to be taking
issue, centering on fact that it is only the rare exception when a Windows
security patch is issues for XP Sp1. Those stopped months ago.
An XP Sp1 system is today unpatch relative to a number of vulnerabilities
ipso facto.

Re: Microsoft patch opens users to attack

Roger Abell [MVP] wrote:

>
> "imhotep" wrote in message
> news:YvidnVFkya3H5HLZnZ2dnUVZ_qudnZ2d@adelphia.com...
>> Roger Abell [MVP] wrote:
>>
>>> Well, guess I better get with the program . . .
>>> http://support.microsoft.com/?kbid=918899
>>> was again updated later Aug 23 and now shows that for
>>> http://support.microsoft.com/kb/923762/
>>> the issue some are reporting as (potentially) exploitable,
>>> IE 6 Sp1 without statement limiting to OS is impacted.
>>>
>>
>>
>> Is that an apology?
>>
>
> No.
>
> An update.


Stubborn to the end....

-- Imhotep

Re: Microsoft patch opens users to attack

Roger Abell [MVP] wrote:

>
> "imhotep" wrote in message
> news:evydnY1L3quB5HLZnZ2dnUVZ_sednZ2d@adelphia.com...
>> Roger Abell [MVP] wrote:
>>
>>> Old news, and as mentioned in a number of prior threads, MS initially
>>> anticipated releasing updated patch on Aug 22 for W2k Sp4 running
>>> IE 6 Sp 1, which is the only currently supported OS config impacted
>>> (i.e. update a vulnerable XP to SP2 to become immune to this).
>>>
>>> Again, your provided quote does not make clear that only W2k Sp4
>>> is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
>>> that anyone running XP at Sp1 is missing a number of patches (not
>>> released for Sp1) making this issue relatively unimportant for them.
>>
>> Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
>> Now, without debating if those users should/should not install SP2, the
>> fact of the matter here was that the patch made them vulnerable....
>>
>>
>>> On Aug 22 the bulletin and KB were updated to advise that issues had
>>> been found requiring further quality assurance time.
>>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>>> http://support.microsoft.com/kb/923762/
>>>
>>> If you would provide links to the primary information sources rather
>>> than only quotes of third-party digests, people would have the full
>>> info, would not have been mislead in thinking this systemic to more
>>> OS/IE combos, people would have had access to recommendations on what
>>> to do and that the patch update is "on the way", and I would not have
>>> needed to correct this.
>>
>> BS!!! Re-read my post and you will see the quote:
>>
>> "...running Windows 2000 and Windows XP Service Pack 1..."
>>
>> It is clearly represented. You just do not like slashdot but are not
>> brave enough to admit it...
>>
>> Imhotep
>>
>>
>>> Roger
>>>
>>>
>>>
>>> "imhotep" wrote in message
>>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>>> Microsoft patch opens users to attack
>>>>
>>>> "The flaw, initially thought to only crash Internet Explorer, actually
>>>> allows an attacker to run code on computers running Windows 2000 and
>>>> Windows XP Service Pack 1 that have applied the August cumulative
>>>> update to
>>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
>>>> told SecurityFocus on Tuesday. The update, released on August 8, fixed
>>>> eight security holes but also introduced a bug of its own, according to
>>>> Marc Maiffret, chief hacking officer for the security firm, which
>>>> notified Microsoft last week that the issue is exploitable."
>>>>
>>>> http://www.securityfocus.com/news/11408?ref=rss
>>>>
>
>
> No clue about what it is you attempt to discuss.

Then I will restate:
A good programmer never guesses. Microsoft screwed up by not testing to see
if XP SP2 was installed *before* installing the patch and as such caused
people who did not SP2 installed to be vulnerable.

You just never will admit when Microsoft screws up....

> However, my comments were, at least where you appear to be taking
> issue, centering on fact that it is only the rare exception when a Windows
> security patch is issues for XP Sp1. Those stopped months ago.
> An XP Sp1 system is today unpatch relative to a number of vulnerabilities
> ipso facto.

Never the less, as a programmer you never guess. You always check...notice I
said good programmer....


--Im

Re: Microsoft patch opens users to attack

In article ,
imhotep wrote:

>Then I will restate:
>A good programmer never guesses.

>Never the less, as a programmer you never guess. You always check...notice I
>said good programmer....

It's clear that you don't work in the same field that I do. In
my field, you have to guess often, and you can end up spending large
amounts of time on figuring out how to make a "good" guess.

But then, in my field, you almost never get provably right answers:
at best you get answers with a confidence interval.

The people I work with produce programs that are right about 83% to 86%
of the time (sometimes 90+% right.) You might say that that sounds
terrible, but in fact we're top rated (usually the best in the world)
at what we do, and it isn't uncommon for our programs to be 15% to 20%
more accurate than would be the case for a very high rated expert
doing the same work. Better than the world's best -- and guessing
is an important part of our strategy.

Re: Microsoft patch opens users to attack

"imhotep" wrote in message
news:oL-dndB18OJlB27ZnZ2dnUVZ_sidnZ2d@adelphia.com...
> Roger Abell [MVP] wrote:
>
>>
>> "imhotep" wrote in message
>> news:YvidnVFkya3H5HLZnZ2dnUVZ_qudnZ2d@adelphia.com...
>>> Roger Abell [MVP] wrote:
>>>
>>>> Well, guess I better get with the program . . .
>>>> http://support.microsoft.com/?kbid=918899
>>>> was again updated later Aug 23 and now shows that for
>>>> http://support.microsoft.com/kb/923762/
>>>> the issue some are reporting as (potentially) exploitable,
>>>> IE 6 Sp1 without statement limiting to OS is impacted.
>>>>
>>>
>>>
>>> Is that an apology?
>>>
>>
>> No.
>>
>> An update.
>
>
> Stubborn to the end....
>


and your proud of it?

> -- Imhotep

Re: Microsoft patch opens users to attack

"imhotep" wrote in message
news:rYudnUA14NasAm7ZnZ2dnUVZ_qadnZ2d@adelphia.com...
> Roger Abell [MVP] wrote:
>
>>
>> "imhotep" wrote in message
>> news:evydnY1L3quB5HLZnZ2dnUVZ_sednZ2d@adelphia.com...
>>> Roger Abell [MVP] wrote:
>>>
>>>> Old news, and as mentioned in a number of prior threads, MS initially
>>>> anticipated releasing updated patch on Aug 22 for W2k Sp4 running
>>>> IE 6 Sp 1, which is the only currently supported OS config impacted
>>>> (i.e. update a vulnerable XP to SP2 to become immune to this).
>>>>
>>>> Again, your provided quote does not make clear that only W2k Sp4
>>>> is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
>>>> that anyone running XP at Sp1 is missing a number of patches (not
>>>> released for Sp1) making this issue relatively unimportant for them.
>>>
>>> Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
>>> Now, without debating if those users should/should not install SP2, the
>>> fact of the matter here was that the patch made them vulnerable....
>>>
>>>
>>>> On Aug 22 the bulletin and KB were updated to advise that issues had
>>>> been found requiring further quality assurance time.
>>>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>>>> http://support.microsoft.com/kb/923762/
>>>>
>>>> If you would provide links to the primary information sources rather
>>>> than only quotes of third-party digests, people would have the full
>>>> info, would not have been mislead in thinking this systemic to more
>>>> OS/IE combos, people would have had access to recommendations on what
>>>> to do and that the patch update is "on the way", and I would not have
>>>> needed to correct this.
>>>
>>> BS!!! Re-read my post and you will see the quote:
>>>
>>> "...running Windows 2000 and Windows XP Service Pack 1..."
>>>
>>> It is clearly represented. You just do not like slashdot but are not
>>> brave enough to admit it...
>>>
>>> Imhotep
>>>
>>>
>>>> Roger
>>>>
>>>>
>>>>
>>>> "imhotep" wrote in message
>>>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>>>> Microsoft patch opens users to attack
>>>>>
>>>>> "The flaw, initially thought to only crash Internet Explorer,
>>>>> actually
>>>>> allows an attacker to run code on computers running Windows 2000 and
>>>>> Windows XP Service Pack 1 that have applied the August cumulative
>>>>> update to
>>>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital
>>>>> Security
>>>>> told SecurityFocus on Tuesday. The update, released on August 8, fixed
>>>>> eight security holes but also introduced a bug of its own, according
>>>>> to
>>>>> Marc Maiffret, chief hacking officer for the security firm, which
>>>>> notified Microsoft last week that the issue is exploitable."
>>>>>
>>>>> http://www.securityfocus.com/news/11408?ref=rss
>>>>>
>>
>>
>> No clue about what it is you attempt to discuss.
>
> Then I will restate:
> A good programmer never guesses. Microsoft screwed up by not testing to
> see
> if XP SP2 was installed *before* installing the patch and as such caused
> people who did not SP2 installed to be vulnerable.
>
> You just never will admit when Microsoft screws up....
>
>> However, my comments were, at least where you appear to be taking
>> issue, centering on fact that it is only the rare exception when a
>> Windows
>> security patch is issues for XP Sp1. Those stopped months ago.
>> An XP Sp1 system is today unpatch relative to a number of vulnerabilities
>> ipso facto.
>
> Never the less, as a programmer you never guess. You always check...notice
> I
> said good programmer....
>

If that was true, we would never ever need patches because all
venerability's would be spotted in testing


>
> --Im

Re: Microsoft patch opens users to attack

"imhotep" wrote in message
news:rYudnUA14NasAm7ZnZ2dnUVZ_qadnZ2d@adelphia.com...
> Roger Abell [MVP] wrote:
>
>>
>> "imhotep" wrote in message
>> news:evydnY1L3quB5HLZnZ2dnUVZ_sednZ2d@adelphia.com...
>>> Roger Abell [MVP] wrote:
>>>
>>>> Old news, and as mentioned in a number of prior threads, MS initially
>>>> anticipated releasing updated patch on Aug 22 for W2k Sp4 running
>>>> IE 6 Sp 1, which is the only currently supported OS config impacted
>>>> (i.e. update a vulnerable XP to SP2 to become immune to this).
>>>>
>>>> Again, your provided quote does not make clear that only W2k Sp4
>>>> is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
>>>> that anyone running XP at Sp1 is missing a number of patches (not
>>>> released for Sp1) making this issue relatively unimportant for them.
>>>
>>> Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
>>> Now, without debating if those users should/should not install SP2, the
>>> fact of the matter here was that the patch made them vulnerable....
>>>
>>>
>>>> On Aug 22 the bulletin and KB were updated to advise that issues had
>>>> been found requiring further quality assurance time.
>>>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>>>> http://support.microsoft.com/kb/923762/
>>>>
>>>> If you would provide links to the primary information sources rather
>>>> than only quotes of third-party digests, people would have the full
>>>> info, would not have been mislead in thinking this systemic to more
>>>> OS/IE combos, people would have had access to recommendations on what
>>>> to do and that the patch update is "on the way", and I would not have
>>>> needed to correct this.
>>>
>>> BS!!! Re-read my post and you will see the quote:
>>>
>>> "...running Windows 2000 and Windows XP Service Pack 1..."
>>>
>>> It is clearly represented. You just do not like slashdot but are not
>>> brave enough to admit it...
>>>
>>> Imhotep
>>>
>>>
>>>> Roger
>>>>
>>>>
>>>>
>>>> "imhotep" wrote in message
>>>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>>>> Microsoft patch opens users to attack
>>>>>
>>>>> "The flaw, initially thought to only crash Internet Explorer,
>>>>> actually
>>>>> allows an attacker to run code on computers running Windows 2000 and
>>>>> Windows XP Service Pack 1 that have applied the August cumulative
>>>>> update to
>>>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital
>>>>> Security
>>>>> told SecurityFocus on Tuesday. The update, released on August 8, fixed
>>>>> eight security holes but also introduced a bug of its own, according
>>>>> to
>>>>> Marc Maiffret, chief hacking officer for the security firm, which
>>>>> notified Microsoft last week that the issue is exploitable."
>>>>>
>>>>> http://www.securityfocus.com/news/11408?ref=rss
>>>>>
>>
>>
>> No clue about what it is you attempt to discuss.
>
> Then I will restate:
> A good programmer never guesses. Microsoft screwed up by not testing to
> see
> if XP SP2 was installed *before* installing the patch and as such caused
> people who did not SP2 installed to be vulnerable.
>
> You just never will admit when Microsoft screws up....
>
>> However, my comments were, at least where you appear to be taking
>> issue, centering on fact that it is only the rare exception when a
>> Windows
>> security patch is issues for XP Sp1. Those stopped months ago.
>> An XP Sp1 system is today unpatch relative to a number of vulnerabilities
>> ipso facto.
>
> Never the less, as a programmer you never guess. You always check...notice
> I
> said good programmer....
>
>

You know, it is humorous, almost cute, the extent you will go to
in order to be able to say "MS, you screwed up" while yet claiming
it is in the service of informing.

--
ra

Re: Microsoft patch opens users to attack

Roger Abell [MVP] wrote:

>
> "imhotep" wrote in message
> news:rYudnUA14NasAm7ZnZ2dnUVZ_qadnZ2d@adelphia.com...
>> Roger Abell [MVP] wrote:
>>
>>>
>>> "imhotep" wrote in message
>>> news:evydnY1L3quB5HLZnZ2dnUVZ_sednZ2d@adelphia.com...
>>>> Roger Abell [MVP] wrote:
>>>>
>>>>> Old news, and as mentioned in a number of prior threads, MS initially
>>>>> anticipated releasing updated patch on Aug 22 for W2k Sp4 running
>>>>> IE 6 Sp 1, which is the only currently supported OS config impacted
>>>>> (i.e. update a vulnerable XP to SP2 to become immune to this).
>>>>>
>>>>> Again, your provided quote does not make clear that only W2k Sp4
>>>>> is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
>>>>> that anyone running XP at Sp1 is missing a number of patches (not
>>>>> released for Sp1) making this issue relatively unimportant for them.
>>>>
>>>> Nope. Windows 2000 AND XP SP1. Not all people out there are running
>>>> SP2. Now, without debating if those users should/should not install
>>>> SP2, the fact of the matter here was that the patch made them
>>>> vulnerable....
>>>>
>>>>
>>>>> On Aug 22 the bulletin and KB were updated to advise that issues had
>>>>> been found requiring further quality assurance time.
>>>>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>>>>> http://support.microsoft.com/kb/923762/
>>>>>
>>>>> If you would provide links to the primary information sources rather
>>>>> than only quotes of third-party digests, people would have the full
>>>>> info, would not have been mislead in thinking this systemic to more
>>>>> OS/IE combos, people would have had access to recommendations on what
>>>>> to do and that the patch update is "on the way", and I would not have
>>>>> needed to correct this.
>>>>
>>>> BS!!! Re-read my post and you will see the quote:
>>>>
>>>> "...running Windows 2000 and Windows XP Service Pack 1..."
>>>>
>>>> It is clearly represented. You just do not like slashdot but are not
>>>> brave enough to admit it...
>>>>
>>>> Imhotep
>>>>
>>>>
>>>>> Roger
>>>>>
>>>>>
>>>>>
>>>>> "imhotep" wrote in message
>>>>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>>>>> Microsoft patch opens users to attack
>>>>>>
>>>>>> "The flaw, initially thought to only crash Internet Explorer,
>>>>>> actually
>>>>>> allows an attacker to run code on computers running Windows 2000 and
>>>>>> Windows XP Service Pack 1 that have applied the August cumulative
>>>>>> update to
>>>>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital
>>>>>> Security
>>>>>> told SecurityFocus on Tuesday. The update, released on August 8,
>>>>>> fixed eight security holes but also introduced a bug of its own,
>>>>>> according to
>>>>>> Marc Maiffret, chief hacking officer for the security firm, which
>>>>>> notified Microsoft last week that the issue is exploitable."
>>>>>>
>>>>>> http://www.securityfocus.com/news/11408?ref=rss
>>>>>>
>>>
>>>
>>> No clue about what it is you attempt to discuss.
>>
>> Then I will restate:
>> A good programmer never guesses. Microsoft screwed up by not testing to
>> see
>> if XP SP2 was installed *before* installing the patch and as such caused
>> people who did not SP2 installed to be vulnerable.
>>
>> You just never will admit when Microsoft screws up....
>>
>>> However, my comments were, at least where you appear to be taking
>>> issue, centering on fact that it is only the rare exception when a
>>> Windows
>>> security patch is issues for XP Sp1. Those stopped months ago.
>>> An XP Sp1 system is today unpatch relative to a number of
>>> vulnerabilities ipso facto.
>>
>> Never the less, as a programmer you never guess. You always
>> check...notice I
>> said good programmer....
>>
>>
>
> You know, it is humorous, almost cute, the extent you will go to
> in order to be able to say "MS, you screwed up" while yet claiming
> it is in the service of informing.
>


The only thing more humorous is the length you will go to in defense of
Microsoft. Even when, it is illogical and down right BS at times. I can
honestly say that I will criticize Apple or Linux when they screw up. Why
should I be lighter on Microsoft?

You on, the other hand, try to shamefully redirect the topic by labling me
and others as "Microsoft haters". What are you so afraid of? Bad press for
Microsoft? They are "big boys" and can defend themselves....

Next time stick on the topic....everyone knows your game anyway.

Imhotep

Re: Microsoft patch opens users to attack

Slim wrote:

>
> "imhotep" wrote in message
> news:rYudnUA14NasAm7ZnZ2dnUVZ_qadnZ2d@adelphia.com...
>> Roger Abell [MVP] wrote:
>>
>>>
>>> "imhotep" wrote in message
>>> news:evydnY1L3quB5HLZnZ2dnUVZ_sednZ2d@adelphia.com...
>>>> Roger Abell [MVP] wrote:
>>>>
>>>>> Old news, and as mentioned in a number of prior threads, MS initially
>>>>> anticipated releasing updated patch on Aug 22 for W2k Sp4 running
>>>>> IE 6 Sp 1, which is the only currently supported OS config impacted
>>>>> (i.e. update a vulnerable XP to SP2 to become immune to this).
>>>>>
>>>>> Again, your provided quote does not make clear that only W2k Sp4
>>>>> is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
>>>>> that anyone running XP at Sp1 is missing a number of patches (not
>>>>> released for Sp1) making this issue relatively unimportant for them.
>>>>
>>>> Nope. Windows 2000 AND XP SP1. Not all people out there are running
>>>> SP2. Now, without debating if those users should/should not install
>>>> SP2, the fact of the matter here was that the patch made them
>>>> vulnerable....
>>>>
>>>>
>>>>> On Aug 22 the bulletin and KB were updated to advise that issues had
>>>>> been found requiring further quality assurance time.
>>>>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>>>>> http://support.microsoft.com/kb/923762/
>>>>>
>>>>> If you would provide links to the primary information sources rather
>>>>> than only quotes of third-party digests, people would have the full
>>>>> info, would not have been mislead in thinking this systemic to more
>>>>> OS/IE combos, people would have had access to recommendations on what
>>>>> to do and that the patch update is "on the way", and I would not have
>>>>> needed to correct this.
>>>>
>>>> BS!!! Re-read my post and you will see the quote:
>>>>
>>>> "...running Windows 2000 and Windows XP Service Pack 1..."
>>>>
>>>> It is clearly represented. You just do not like slashdot but are not
>>>> brave enough to admit it...
>>>>
>>>> Imhotep
>>>>
>>>>
>>>>> Roger
>>>>>
>>>>>
>>>>>
>>>>> "imhotep" wrote in message
>>>>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>>>>> Microsoft patch opens users to attack
>>>>>>
>>>>>> "The flaw, initially thought to only crash Internet Explorer,
>>>>>> actually
>>>>>> allows an attacker to run code on computers running Windows 2000 and
>>>>>> Windows XP Service Pack 1 that have applied the August cumulative
>>>>>> update to
>>>>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital
>>>>>> Security
>>>>>> told SecurityFocus on Tuesday. The update, released on August 8,
>>>>>> fixed eight security holes but also introduced a bug of its own,
>>>>>> according to
>>>>>> Marc Maiffret, chief hacking officer for the security firm, which
>>>>>> notified Microsoft last week that the issue is exploitable."
>>>>>>
>>>>>> http://www.securityfocus.com/news/11408?ref=rss
>>>>>>
>>>
>>>
>>> No clue about what it is you attempt to discuss.
>>
>> Then I will restate:
>> A good programmer never guesses. Microsoft screwed up by not testing to
>> see
>> if XP SP2 was installed *before* installing the patch and as such caused
>> people who did not SP2 installed to be vulnerable.
>>
>> You just never will admit when Microsoft screws up....
>>
>>> However, my comments were, at least where you appear to be taking
>>> issue, centering on fact that it is only the rare exception when a
>>> Windows
>>> security patch is issues for XP Sp1. Those stopped months ago.
>>> An XP Sp1 system is today unpatch relative to a number of
>>> vulnerabilities ipso facto.
>>
>> Never the less, as a programmer you never guess. You always
>> check...notice I
>> said good programmer....
>>
>
> If that was true, we would never ever need patches because all
> venerability's would be spotted in testing

Yes vulnerabilities should be found during testing. However, in the real
World some get by. Really my reply was about testing the *installation*
before installing the patch. What do I mean by this? It is simple. As a
programmer installing a piece of software, the *first* thing you do is make
sure all the componets you need are allready in place. For example, does
the system have the required libraries? Is there enough disk space, etc,
etc. If the check is good *then* you install.

If the patch that Microsoft wrote required SP2 then they should have done
this instead of just guessing and blindly installing it thus making people
vulnerable, yet again.

Certian people like Roger Abell, will try to ignore this with deception and
redirection. Don't fall for it. Anytime you *make* people vulnerable
because you did not take the time to do things right, you screwed up. And
because of this people will get hacked.

Again, my point is do it right the first time.

-- Imhotep

>
>
>>
>> --Im

Re: Microsoft patch opens users to attack

Walter Roberson wrote:

> In article ,
> imhotep wrote:
>
>>Then I will restate:
>>A good programmer never guesses.
>
>>Never the less, as a programmer you never guess. You always check...notice
>>I said good programmer....
>
> It's clear that you don't work in the same field that I do. In
> my field, you have to guess often, and you can end up spending large
> amounts of time on figuring out how to make a "good" guess.
>
> But then, in my field, you almost never get provably right answers:
> at best you get answers with a confidence interval.
>
> The people I work with produce programs that are right about 83% to 86%
> of the time (sometimes 90+% right.) You might say that that sounds
> terrible, but in fact we're top rated (usually the best in the world)
> at what we do, and it isn't uncommon for our programs to be 15% to 20%
> more accurate than would be the case for a very high rated expert
> doing the same work. Better than the world's best -- and guessing
> is an important part of our strategy.

Again, this situation could have been easy to prevent. If the patch needed
SP2, why not test that SP2 is installed????

--Imhotep

Re: Microsoft patch opens users to attack

Slim wrote:

>
> "imhotep" wrote in message
> news:oL-dndB18OJlB27ZnZ2dnUVZ_sidnZ2d@adelphia.com...
>> Roger Abell [MVP] wrote:
>>
>>>
>>> "imhotep" wrote in message
>>> news:YvidnVFkya3H5HLZnZ2dnUVZ_qudnZ2d@adelphia.com...
>>>> Roger Abell [MVP] wrote:
>>>>
>>>>> Well, guess I better get with the program . . .
>>>>> http://support.microsoft.com/?kbid=918899
>>>>> was again updated later Aug 23 and now shows that for
>>>>> http://support.microsoft.com/kb/923762/
>>>>> the issue some are reporting as (potentially) exploitable,
>>>>> IE 6 Sp1 without statement limiting to OS is impacted.
>>>>>
>>>>
>>>>
>>>> Is that an apology?
>>>>
>>>
>>> No.
>>>
>>> An update.
>>
>>
>> Stubborn to the end....
>>
>
>
> and your proud of it?
>
>> -- Imhotep


Read the string of posts. I *was* saything that to Roger Abell:

(You are) stubborn to the end....

-- Imhotep

Re: Microsoft patch opens users to attack

"imhotep" wrote in message
news:EYWdnWsnd7ZOmWjZnZ2dnUVZ_tGdnZ2d@adelphia.com...
> Roger Abell [MVP] wrote:
>
>>
>> "imhotep" wrote in message
>> news:rYudnUA14NasAm7ZnZ2dnUVZ_qadnZ2d@adelphia.com...
>>> Roger Abell [MVP] wrote:
>>>
>>>>
>>>> "imhotep" wrote in message
>>>> news:evydnY1L3quB5HLZnZ2dnUVZ_sednZ2d@adelphia.com...
>>>>> Roger Abell [MVP] wrote:
>>>>>
>>>>>> Old news, and as mentioned in a number of prior threads, MS initially
>>>>>> anticipated releasing updated patch on Aug 22 for W2k Sp4 running
>>>>>> IE 6 Sp 1, which is the only currently supported OS config impacted
>>>>>> (i.e. update a vulnerable XP to SP2 to become immune to this).
>>>>>>
>>>>>> Again, your provided quote does not make clear that only W2k Sp4
>>>>>> is affected, and only if it has IE at IE 6 Sp1, nor does it make
>>>>>> clear
>>>>>> that anyone running XP at Sp1 is missing a number of patches (not
>>>>>> released for Sp1) making this issue relatively unimportant for them.
>>>>>
>>>>> Nope. Windows 2000 AND XP SP1. Not all people out there are running
>>>>> SP2. Now, without debating if those users should/should not install
>>>>> SP2, the fact of the matter here was that the patch made them
>>>>> vulnerable....
>>>>>
>>>>>
>>>>>> On Aug 22 the bulletin and KB were updated to advise that issues had
>>>>>> been found requiring further quality assurance time.
>>>>>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>>>>>> http://support.microsoft.com/kb/923762/
>>>>>>
>>>>>> If you would provide links to the primary information sources rather
>>>>>> than only quotes of third-party digests, people would have the full
>>>>>> info, would not have been mislead in thinking this systemic to more
>>>>>> OS/IE combos, people would have had access to recommendations on what
>>>>>> to do and that the patch update is "on the way", and I would not have
>>>>>> needed to correct this.
>>>>>
>>>>> BS!!! Re-read my post and you will see the quote:
>>>>>
>>>>> "...running Windows 2000 and Windows XP Service Pack 1..."
>>>>>
>>>>> It is clearly represented. You just do not like slashdot but are not
>>>>> brave enough to admit it...
>>>>>
>>>>> Imhotep
>>>>>
>>>>>
>>>>>> Roger
>>>>>>
>>>>>>
>>>>>>
>>>>>> "imhotep" wrote in message
>>>>>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>>>>>> Microsoft patch opens users to attack
>>>>>>>
>>>>>>> "The flaw, initially thought to only crash Internet Explorer,
>>>>>>> actually
>>>>>>> allows an attacker to run code on computers running Windows 2000 and
>>>>>>> Windows XP Service Pack 1 that have applied the August cumulative
>>>>>>> update to
>>>>>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital
>>>>>>> Security
>>>>>>> told SecurityFocus on Tuesday. The update, released on August 8,
>>>>>>> fixed eight security holes but also introduced a bug of its own,
>>>>>>> according to
>>>>>>> Marc Maiffret, chief hacking officer for the security firm, which
>>>>>>> notified Microsoft last week that the issue is exploitable."
>>>>>>>
>>>>>>> http://www.securityfocus.com/news/11408?ref=rss
>>>>>>>
>>>>
>>>>
>>>> No clue about what it is you attempt to discuss.
>>>
>>> Then I will restate:
>>> A good programmer never guesses. Microsoft screwed up by not testing to
>>> see
>>> if XP SP2 was installed *before* installing the patch and as such caused
>>> people who did not SP2 installed to be vulnerable.
>>>
>>> You just never will admit when Microsoft screws up....
>>>
>>>> However, my comments were, at least where you appear to be taking
>>>> issue, centering on fact that it is only the rare exception when a
>>>> Windows
>>>> security patch is issues for XP Sp1. Those stopped months ago.
>>>> An XP Sp1 system is today unpatch relative to a number of
>>>> vulnerabilities ipso facto.
>>>
>>> Never the less, as a programmer you never guess. You always
>>> check...notice I
>>> said good programmer....
>>>
>>>
>>
>> You know, it is humorous, almost cute, the extent you will go to
>> in order to be able to say "MS, you screwed up" while yet claiming
>> it is in the service of informing.
>>
>
>
> The only thing more humorous is the length you will go to in defense of
> Microsoft. Even when, it is illogical and down right BS at times. I can
> honestly say that I will criticize Apple or Linux when they screw up. Why
> should I be lighter on Microsoft?
>
> You on, the other hand, try to shamefully redirect the topic by labling me
> and others as "Microsoft haters". What are you so afraid of? Bad press for
> Microsoft? They are "big boys" and can defend themselves....
>
> Next time stick on the topic....everyone knows your game anyway.
>
> Imhotep
>

I am fearless.
I dare you to find in any archive where I have called you "Microsoft hater".

I criticize MS very heavily and quite often, where/when deserved.
I hold no patience with BS and slurred meaning/intents.
I have no problem attempting to dispell such illusions when presented.

You do not believe I have just stated the truth.
But I really do not care.

--
ra

Re: Microsoft patch opens users to attack

"imhotep" wrote in message
news:ycadnbutZuG6lGjZnZ2dnUVZ_oqdnZ2d@adelphia.com...
> Slim wrote:
>
>>
>> "imhotep" wrote in message
>> news:oL-dndB18OJlB27ZnZ2dnUVZ_sidnZ2d@adelphia.com...
>>> Roger Abell [MVP] wrote:
>>>
>>>>
>>>> "imhotep" wrote in message
>>>> news:YvidnVFkya3H5HLZnZ2dnUVZ_qudnZ2d@adelphia.com...
>>>>> Roger Abell [MVP] wrote:
>>>>>
>>>>>> Well, guess I better get with the program . . .
>>>>>> http://support.microsoft.com/?kbid=918899
>>>>>> was again updated later Aug 23 and now shows that for
>>>>>> http://support.microsoft.com/kb/923762/
>>>>>> the issue some are reporting as (potentially) exploitable,
>>>>>> IE 6 Sp1 without statement limiting to OS is impacted.
>>>>>>
>>>>>
>>>>> Is that an apology?
>>>>>
>>>>
>>>> No.
>>>>
>>>> An update.
>>>
>>>
>>> Stubborn to the end....
>>>
>>
>> and your proud of it?
>>
>
> Read the string of posts. I *was* saything that to Roger Abell:
>
> (You are) stubborn to the end....
>
> -- Imhotep

I think perhaps you have just missed the point entirely :)

Re: Microsoft patch opens users to attack

Roger Abell [MVP] wrote:

>
> "imhotep" wrote in message
> news:EYWdnWsnd7ZOmWjZnZ2dnUVZ_tGdnZ2d@adelphia.com...
>> Roger Abell [MVP] wrote:
>>
>>>
>>> "imhotep" wrote in message
>>> news:rYudnUA14NasAm7ZnZ2dnUVZ_qadnZ2d@adelphia.com...
>>>> Roger Abell [MVP] wrote:
>>>>
>>>>>
>>>>> "imhotep" wrote in message
>>>>> news:evydnY1L3quB5HLZnZ2dnUVZ_sednZ2d@adelphia.com...
>>>>>> Roger Abell [MVP] wrote:
>>>>>>
>>>>>>> Old news, and as mentioned in a number of prior threads, MS
>>>>>>> initially anticipated releasing updated patch on Aug 22 for W2k Sp4
>>>>>>> running IE 6 Sp 1, which is the only currently supported OS config
>>>>>>> impacted (i.e. update a vulnerable XP to SP2 to become immune to
>>>>>>> this).
>>>>>>>
>>>>>>> Again, your provided quote does not make clear that only W2k Sp4
>>>>>>> is affected, and only if it has IE at IE 6 Sp1, nor does it make
>>>>>>> clear
>>>>>>> that anyone running XP at Sp1 is missing a number of patches (not
>>>>>>> released for Sp1) making this issue relatively unimportant for them.
>>>>>>
>>>>>> Nope. Windows 2000 AND XP SP1. Not all people out there are running
>>>>>> SP2. Now, without debating if those users should/should not install
>>>>>> SP2, the fact of the matter here was that the patch made them
>>>>>> vulnerable....
>>>>>>
>>>>>>
>>>>>>> On Aug 22 the bulletin and KB were updated to advise that issues had
>>>>>>> been found requiring further quality assurance time.
>>>>>>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>>>>>>> http://support.microsoft.com/kb/923762/
>>>>>>>
>>>>>>> If you would provide links to the primary information sources rather
>>>>>>> than only quotes of third-party digests, people would have the full
>>>>>>> info, would not have been mislead in thinking this systemic to more
>>>>>>> OS/IE combos, people would have had access to recommendations on
>>>>>>> what to do and that the patch update is "on the way", and I would
>>>>>>> not have needed to correct this.
>>>>>>
>>>>>> BS!!! Re-read my post and you will see the quote:
>>>>>>
>>>>>> "...running Windows 2000 and Windows XP Service Pack 1..."
>>>>>>
>>>>>> It is clearly represented. You just do not like slashdot but are not
>>>>>> brave enough to admit it...
>>>>>>
>>>>>> Imhotep
>>>>>>
>>>>>>
>>>>>>> Roger
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "imhotep" wrote in message
>>>>>>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>>>>>>> Microsoft patch opens users to attack
>>>>>>>>
>>>>>>>> "The flaw, initially thought to only crash Internet Explorer,
>>>>>>>> actually
>>>>>>>> allows an attacker to run code on computers running Windows 2000
>>>>>>>> and Windows XP Service Pack 1 that have applied the August
>>>>>>>> cumulative update to
>>>>>>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital
>>>>>>>> Security
>>>>>>>> told SecurityFocus on Tuesday. The update, released on August 8,
>>>>>>>> fixed eight security holes but also introduced a bug of its own,
>>>>>>>> according to
>>>>>>>> Marc Maiffret, chief hacking officer for the security firm, which
>>>>>>>> notified Microsoft last week that the issue is exploitable."
>>>>>>>>
>>>>>>>> http://www.securityfocus.com/news/11408?ref=rss
>>>>>>>>
>>>>>
>>>>>
>>>>> No clue about what it is you attempt to discuss.
>>>>
>>>> Then I will restate:
>>>> A good programmer never guesses. Microsoft screwed up by not testing to
>>>> see
>>>> if XP SP2 was installed *before* installing the patch and as such
>>>> caused people who did not SP2 installed to be vulnerable.
>>>>
>>>> You just never will admit when Microsoft screws up....
>>>>
>>>>> However, my comments were, at least where you appear to be taking
>>>>> issue, centering on fact that it is only the rare exception when a
>>>>> Windows
>>>>> security patch is issues for XP Sp1. Those stopped months ago.
>>>>> An XP Sp1 system is today unpatch relative to a number of
>>>>> vulnerabilities ipso facto.
>>>>
>>>> Never the less, as a programmer you never guess. You always
>>>> check...notice I
>>>> said good programmer....
>>>>
>>>>
>>>
>>> You know, it is humorous, almost cute, the extent you will go to
>>> in order to be able to say "MS, you screwed up" while yet claiming
>>> it is in the service of informing.
>>>
>>
>>
>> The only thing more humorous is the length you will go to in defense of
>> Microsoft. Even when, it is illogical and down right BS at times. I can
>> honestly say that I will criticize Apple or Linux when they screw up. Why
>> should I be lighter on Microsoft?
>>
>> You on, the other hand, try to shamefully redirect the topic by labling
>> me and others as "Microsoft haters". What are you so afraid of? Bad press
>> for Microsoft? They are "big boys" and can defend themselves....
>>
>> Next time stick on the topic....everyone knows your game anyway.
>>
>> Imhotep
>>
>
> I am fearless.
> I dare you to find in any archive where I have called you "Microsoft
> hater".
>
> I criticize MS very heavily and quite often, where/when deserved.
> I hold no patience with BS and slurred meaning/intents.
> I have no problem attempting to dispell such illusions when presented.
>
> You do not believe I have just stated the truth.
> But I really do not care.

....then why did you reply?

-- Imhotep

Re: Microsoft patch opens users to attack

Roger Abell [MVP] wrote:

> "imhotep" wrote in message
> news:ycadnbutZuG6lGjZnZ2dnUVZ_oqdnZ2d@adelphia.com...
>> Slim wrote:
>>
>>>
>>> "imhotep" wrote in message
>>> news:oL-dndB18OJlB27ZnZ2dnUVZ_sidnZ2d@adelphia.com...
>>>> Roger Abell [MVP] wrote:
>>>>
>>>>>
>>>>> "imhotep" wrote in message
>>>>> news:YvidnVFkya3H5HLZnZ2dnUVZ_qudnZ2d@adelphia.com...
>>>>>> Roger Abell [MVP] wrote:
>>>>>>
>>>>>>> Well, guess I better get with the program . . .
>>>>>>> http://support.microsoft.com/?kbid=918899
>>>>>>> was again updated later Aug 23 and now shows that for
>>>>>>> http://support.microsoft.com/kb/923762/
>>>>>>> the issue some are reporting as (potentially) exploitable,
>>>>>>> IE 6 Sp1 without statement limiting to OS is impacted.
>>>>>>>
>>>>>>
>>>>>> Is that an apology?
>>>>>>
>>>>>
>>>>> No.
>>>>>
>>>>> An update.
>>>>
>>>>
>>>> Stubborn to the end....
>>>>
>>>
>>> and your proud of it?
>>>
>>
>> Read the string of posts. I *was* saything that to Roger Abell:
>>
>> (You are) stubborn to the end....
>>
>> -- Imhotep
>
> I think perhaps you have just missed the point entirely :)


....or maybe you have...

Imhotep

Re: Microsoft patch opens users to attack

"imhotep" wrote in message
news:q8-dnXKZ9ogyAmjZnZ2dnUVZ_r6dnZ2d@adelphia.com...
> Roger Abell [MVP] wrote:
>
>>
>> "imhotep" wrote in message
>> news:EYWdnWsnd7ZOmWjZnZ2dnUVZ_tGdnZ2d@adelphia.com...
>>> Roger Abell [MVP] wrote:
>>>
>>>>
>>>> "imhotep" wrote in message
>>>> news:rYudnUA14NasAm7ZnZ2dnUVZ_qadnZ2d@adelphia.com...
>>>>> Roger Abell [MVP] wrote:
>>>>>
>>>>>>
>>>>>> "imhotep" wrote in message
>>>>>> news:evydnY1L3quB5HLZnZ2dnUVZ_sednZ2d@adelphia.com...
>>>>>>> Roger Abell [MVP] wrote:
>>>>>>>
>>>>>>>> Old news, and as mentioned in a number of prior threads, MS
>>>>>>>> initially anticipated releasing updated patch on Aug 22 for W2k Sp4
>>>>>>>> running IE 6 Sp 1, which is the only currently supported OS config
>>>>>>>> impacted (i.e. update a vulnerable XP to SP2 to become immune to
>>>>>>>> this).
>>>>>>>>
>>>>>>>> Again, your provided quote does not make clear that only W2k Sp4
>>>>>>>> is affected, and only if it has IE at IE 6 Sp1, nor does it make
>>>>>>>> clear
>>>>>>>> that anyone running XP at Sp1 is missing a number of patches (not
>>>>>>>> released for Sp1) making this issue relatively unimportant for
>>>>>>>> them.
>>>>>>>
>>>>>>> Nope. Windows 2000 AND XP SP1. Not all people out there are running
>>>>>>> SP2. Now, without debating if those users should/should not install
>>>>>>> SP2, the fact of the matter here was that the patch made them
>>>>>>> vulnerable....
>>>>>>>
>>>>>>>
>>>>>>>> On Aug 22 the bulletin and KB were updated to advise that issues
>>>>>>>> had
>>>>>>>> been found requiring further quality assurance time.
>>>>>>>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>>>>>>>> http://support.microsoft.com/kb/923762/
>>>>>>>>
>>>>>>>> If you would provide links to the primary information sources
>>>>>>>> rather
>>>>>>>> than only quotes of third-party digests, people would have the full
>>>>>>>> info, would not have been mislead in thinking this systemic to more
>>>>>>>> OS/IE combos, people would have had access to recommendations on
>>>>>>>> what to do and that the patch update is "on the way", and I would
>>>>>>>> not have needed to correct this.
>>>>>>>
>>>>>>> BS!!! Re-read my post and you will see the quote:
>>>>>>>
>>>>>>> "...running Windows 2000 and Windows XP Service Pack 1..."
>>>>>>>
>>>>>>> It is clearly represented. You just do not like slashdot but are not
>>>>>>> brave enough to admit it...
>>>>>>>
>>>>>>> Imhotep
>>>>>>>
>>>>>>>
>>>>>>>> Roger
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> "imhotep" wrote in message
>>>>>>>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>>>>>>>> Microsoft patch opens users to attack
>>>>>>>>>
>>>>>>>>> "The flaw, initially thought to only crash Internet Explorer,
>>>>>>>>> actually
>>>>>>>>> allows an attacker to run code on computers running Windows 2000
>>>>>>>>> and Windows XP Service Pack 1 that have applied the August
>>>>>>>>> cumulative update to
>>>>>>>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital
>>>>>>>>> Security
>>>>>>>>> told SecurityFocus on Tuesday. The update, released on August 8,
>>>>>>>>> fixed eight security holes but also introduced a bug of its own,
>>>>>>>>> according to
>>>>>>>>> Marc Maiffret, chief hacking officer for the security firm, which
>>>>>>>>> notified Microsoft last week that the issue is exploitable."
>>>>>>>>>
>>>>>>>>> http://www.securityfocus.com/news/11408?ref=rss
>>>>>>>>>
>>>>>>
>>>>>>
>>>>>> No clue about what it is you attempt to discuss.
>>>>>
>>>>> Then I will restate:
>>>>> A good programmer never guesses. Microsoft screwed up by not testing
>>>>> to
>>>>> see
>>>>> if XP SP2 was installed *before* installing the patch and as such
>>>>> caused people who did not SP2 installed to be vulnerable.
>>>>>
>>>>> You just never will admit when Microsoft screws up....
>>>>>
>>>>>> However, my comments were, at least where you appear to be taking
>>>>>> issue, centering on fact that it is only the rare exception when a
>>>>>> Windows
>>>>>> security patch is issues for XP Sp1. Those stopped months ago.
>>>>>> An XP Sp1 system is today unpatch relative to a number of
>>>>>> vulnerabilities ipso facto.
>>>>>
>>>>> Never the less, as a programmer you never guess. You always
>>>>> check...notice I
>>>>> said good programmer....
>>>>>
>>>>>
>>>>
>>>> You know, it is humorous, almost cute, the extent you will go to
>>>> in order to be able to say "MS, you screwed up" while yet claiming
>>>> it is in the service of informing.
>>>>
>>>
>>>
>>> The only thing more humorous is the length you will go to in defense of
>>> Microsoft. Even when, it is illogical and down right BS at times. I can
>>> honestly say that I will criticize Apple or Linux when they screw up.
>>> Why
>>> should I be lighter on Microsoft?
>>>
>>> You on, the other hand, try to shamefully redirect the topic by labling
>>> me and others as "Microsoft haters". What are you so afraid of? Bad
>>> press
>>> for Microsoft? They are "big boys" and can defend themselves....
>>>
>>> Next time stick on the topic....everyone knows your game anyway.
>>>
>>> Imhotep
>>>
>>
>> I am fearless.
>> I dare you to find in any archive where I have called you "Microsoft
>> hater".
>>
>> I criticize MS very heavily and quite often, where/when deserved.
>> I hold no patience with BS and slurred meaning/intents.
>> I have no problem attempting to dispell such illusions when presented.
>>
>> You do not believe I have just stated the truth.
>> But I really do not care.
>
> ...then why did you reply?
>

Obviously because this forum speaks to more than just you..

Re: Microsoft patch opens users to attack

Are you too still going at it? Maybe you boys should step outside and
settle this the old fashioned way. ;-)


<*(((>< ~~~


On Thu, 31 Aug 2006 00:54:02 -0700, "Roger Abell [MVP]"
wrote:

>"imhotep" wrote in message
>news:q8-dnXKZ9ogyAmjZnZ2dnUVZ_r6dnZ2d@adelphia.com...
>> Roger Abell [MVP] wrote:
>>
>>>
>>> "imhotep" wrote in message
>>> news:EYWdnWsnd7ZOmWjZnZ2dnUVZ_tGdnZ2d@adelphia.com...
>>>> Roger Abell [MVP] wrote:
>>>>
>>>>>
>>>>> "imhotep" wrote in message
>>>>> news:rYudnUA14NasAm7ZnZ2dnUVZ_qadnZ2d@adelphia.com...
>>>>>> Roger Abell [MVP] wrote:
>>>>>>
>>>>>>>
>>>>>>> "imhotep" wrote in message
>>>>>>> news:evydnY1L3quB5HLZnZ2dnUVZ_sednZ2d@adelphia.com...
>>>>>>>> Roger Abell [MVP] wrote:
>>>>>>>>
>>>>>>>>> Old news, and as mentioned in a number of prior threads, MS
>>>>>>>>> initially anticipated releasing updated patch on Aug 22 for W2k Sp4
>>>>>>>>> running IE 6 Sp 1, which is the only currently supported OS config
>>>>>>>>> impacted (i.e. update a vulnerable XP to SP2 to become immune to
>>>>>>>>> this).
>>>>>>>>>
>>>>>>>>> Again, your provided quote does not make clear that only W2k Sp4
>>>>>>>>> is affected, and only if it has IE at IE 6 Sp1, nor does it make
>>>>>>>>> clear
>>>>>>>>> that anyone running XP at Sp1 is missing a number of patches (not
>>>>>>>>> released for Sp1) making this issue relatively unimportant for
>>>>>>>>> them.
>>>>>>>>
>>>>>>>> Nope. Windows 2000 AND XP SP1. Not all people out there are running
>>>>>>>> SP2. Now, without debating if those users should/should not install
>>>>>>>> SP2, the fact of the matter here was that the patch made them
>>>>>>>> vulnerable....
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Aug 22 the bulletin and KB were updated to advise that issues
>>>>>>>>> had
>>>>>>>>> been found requiring further quality assurance time.
>>>>>>>>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>>>>>>>>> http://support.microsoft.com/kb/923762/
>>>>>>>>>
>>>>>>>>> If you would provide links to the primary information sources
>>>>>>>>> rather
>>>>>>>>> than only quotes of third-party digests, people would have the full
>>>>>>>>> info, would not have been mislead in thinking this systemic to more
>>>>>>>>> OS/IE combos, people would have had access to recommendations on
>>>>>>>>> what to do and that the patch update is "on the way", and I would
>>>>>>>>> not have needed to correct this.
>>>>>>>>
>>>>>>>> BS!!! Re-read my post and you will see the quote:
>>>>>>>>
>>>>>>>> "...running Windows 2000 and Windows XP Service Pack 1..."
>>>>>>>>
>>>>>>>> It is clearly represented. You just do not like slashdot but are not
>>>>>>>> brave enough to admit it...
>>>>>>>>
>>>>>>>> Imhotep
>>>>>>>>
>>>>>>>>
>>>>>>>>> Roger
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "imhotep" wrote in message
>>>>>>>>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>>>>>>>>> Microsoft patch opens users to attack
>>>>>>>>>>
>>>>>>>>>> "The flaw, initially thought to only crash Internet Explorer,
>>>>>>>>>> actually
>>>>>>>>>> allows an attacker to run code on computers running Windows 2000
>>>>>>>>>> and Windows XP Service Pack 1 that have applied the August
>>>>>>>>>> cumulative update to
>>>>>>>>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital
>>>>>>>>>> Security
>>>>>>>>>> told SecurityFocus on Tuesday. The update, released on August 8,
>>>>>>>>>> fixed eight security holes but also introduced a bug of its own,
>>>>>>>>>> according to
>>>>>>>>>> Marc Maiffret, chief hacking officer for the security firm, which
>>>>>>>>>> notified Microsoft last week that the issue is exploitable."
>>>>>>>>>>
>>>>>>>>>> http://www.securityfocus.com/news/11408?ref=rss
>>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> No clue about what it is you attempt to discuss.
>>>>>>
>>>>>> Then I will restate:
>>>>>> A good programmer never guesses. Microsoft screwed up by not testing
>>>>>> to
>>>>>> see
>>>>>> if XP SP2 was installed *before* installing the patch and as such
>>>>>> caused people who did not SP2 installed to be vulnerable.
>>>>>>
>>>>>> You just never will admit when Microsoft screws up....
>>>>>>
>>>>>>> However, my comments were, at least where you appear to be taking
>>>>>>> issue, centering on fact that it is only the rare exception when a
>>>>>>> Windows
>>>>>>> security patch is issues for XP Sp1. Those stopped months ago.
>>>>>>> An XP Sp1 system is today unpatch relative to a number of
>>>>>>> vulnerabilities ipso facto.
>>>>>>
>>>>>> Never the less, as a programmer you never guess. You always
>>>>>> check...notice I
>>>>>> said good programmer....
>>>>>>
>>>>>>
>>>>>
>>>>> You know, it is humorous, almost cute, the extent you will go to
>>>>> in order to be able to say "MS, you screwed up" while yet claiming
>>>>> it is in the service of informing.
>>>>>
>>>>
>>>>
>>>> The only thing more humorous is the length you will go to in defense of
>>>> Microsoft. Even when, it is illogical and down right BS at times. I can
>>>> honestly say that I will criticize Apple or Linux when they screw up.
>>>> Why
>>>> should I be lighter on Microsoft?
>>>>
>>>> You on, the other hand, try to shamefully redirect the topic by labling
>>>> me and others as "Microsoft haters". What are you so afraid of? Bad
>>>> press
>>>> for Microsoft? They are "big boys" and can defend themselves....
>>>>
>>>> Next time stick on the topic....everyone knows your game anyway.
>>>>
>>>> Imhotep
>>>>
>>>
>>> I am fearless.
>>> I dare you to find in any archive where I have called you "Microsoft
>>> hater".
>>>
>>> I criticize MS very heavily and quite often, where/when deserved.
>>> I hold no patience with BS and slurred meaning/intents.
>>> I have no problem attempting to dispell such illusions when presented.
>>>
>>> You do not believe I have just stated the truth.
>>> But I really do not care.
>>
>> ...then why did you reply?
>>
>
>Obviously because this forum speaks to more than just you..
>

Awaiting your responses with baited breath, I remain, yours truly,

<*(((>< ~~~

Re: Microsoft patch opens users to attack

Roger Abell [MVP] wrote:

> "imhotep" wrote in message
> news:q8-dnXKZ9ogyAmjZnZ2dnUVZ_r6dnZ2d@adelphia.com...
>> Roger Abell [MVP] wrote:
>>
>>>
>>> "imhotep" wrote in message
>>> news:EYWdnWsnd7ZOmWjZnZ2dnUVZ_tGdnZ2d@adelphia.com...
>>>> Roger Abell [MVP] wrote:
>>>>
>>>>>
>>>>> "imhotep" wrote in message
>>>>> news:rYudnUA14NasAm7ZnZ2dnUVZ_qadnZ2d@adelphia.com...
>>>>>> Roger Abell [MVP] wrote:
>>>>>>
>>>>>>>
>>>>>>> "imhotep" wrote in message
>>>>>>> news:evydnY1L3quB5HLZnZ2dnUVZ_sednZ2d@adelphia.com...
>>>>>>>> Roger Abell [MVP] wrote:
>>>>>>>>
>>>>>>>>> Old news, and as mentioned in a number of prior threads, MS
>>>>>>>>> initially anticipated releasing updated patch on Aug 22 for W2k
>>>>>>>>> Sp4 running IE 6 Sp 1, which is the only currently supported OS
>>>>>>>>> config impacted (i.e. update a vulnerable XP to SP2 to become
>>>>>>>>> immune to this).
>>>>>>>>>
>>>>>>>>> Again, your provided quote does not make clear that only W2k Sp4
>>>>>>>>> is affected, and only if it has IE at IE 6 Sp1, nor does it make
>>>>>>>>> clear
>>>>>>>>> that anyone running XP at Sp1 is missing a number of patches (not
>>>>>>>>> released for Sp1) making this issue relatively unimportant for
>>>>>>>>> them.
>>>>>>>>
>>>>>>>> Nope. Windows 2000 AND XP SP1. Not all people out there are running
>>>>>>>> SP2. Now, without debating if those users should/should not install
>>>>>>>> SP2, the fact of the matter here was that the patch made them
>>>>>>>> vulnerable....
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Aug 22 the bulletin and KB were updated to advise that issues
>>>>>>>>> had
>>>>>>>>> been found requiring further quality assurance time.
>>>>>>>>> http://www.microsoft.com/technet/security/bulletin/ms06-042. mspx
>>>>>>>>> http://support.microsoft.com/kb/923762/
>>>>>>>>>
>>>>>>>>> If you would provide links to the primary information sources
>>>>>>>>> rather
>>>>>>>>> than only quotes of third-party digests, people would have the
>>>>>>>>> full info, would not have been mislead in thinking this systemic
>>>>>>>>> to more OS/IE combos, people would have had access to
>>>>>>>>> recommendations on what to do and that the patch update is "on the
>>>>>>>>> way", and I would not have needed to correct this.
>>>>>>>>
>>>>>>>> BS!!! Re-read my post and you will see the quote:
>>>>>>>>
>>>>>>>> "...running Windows 2000 and Windows XP Service Pack 1..."
>>>>>>>>
>>>>>>>> It is clearly represented. You just do not like slashdot but are
>>>>>>>> not brave enough to admit it...
>>>>>>>>
>>>>>>>> Imhotep
>>>>>>>>
>>>>>>>>
>>>>>>>>> Roger
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "imhotep" wrote in message
>>>>>>>>> news:2s-dnVEkAu2pgHDZnZ2dnUVZ_umdnZ2d@adelphia.com...
>>>>>>>>>> Microsoft patch opens users to attack
>>>>>>>>>>
>>>>>>>>>> "The flaw, initially thought to only crash Internet Explorer,
>>>>>>>>>> actually
>>>>>>>>>> allows an attacker to run code on computers running Windows 2000
>>>>>>>>>> and Windows XP Service Pack 1 that have applied the August
>>>>>>>>>> cumulative update to
>>>>>>>>>> Internet Explorer 6 Service Pack 1, security firm eEye Digital
>>>>>>>>>> Security
>>>>>>>>>> told SecurityFocus on Tuesday. The update, released on August 8,
>>>>>>>>>> fixed eight security holes but also introduced a bug of its own,
>>>>>>>>>> according to
>>>>>>>>>> Marc Maiffret, chief hacking officer for the security firm, which
>>>>>>>>>> notified Microsoft last week that the issue is exploitable."
>>>>>>>>>>
>>>>>>>>>> http://www.securityfocus.com/news/11408?ref=rss
>>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> No clue about what it is you attempt to discuss.
>>>>>>
>>>>>> Then I will restate:
>>>>>> A good programmer never guesses. Microsoft screwed up by not testing
>>>>>> to
>>>>>> see
>>>>>> if XP SP2 was installed *before* installing the patch and as such
>>>>>> caused people who did not SP2 installed to be vulnerable.
>>>>>>
>>>>>> You just never will admit when Microsoft screws up....
>>>>>>
>>>>>>> However, my comments were, at least where you appear to be taking
>>>>>>> issue, centering on fact that it is only the rare exception when a
>>>>>>> Windows
>>>>>>> security patch is issues for XP Sp1. Those stopped months ago.
>>>>>>> An XP Sp1 system is today unpatch relative to a number of
>>>>>>> vulnerabilities ipso facto.
>>>>>>
>>>>>> Never the less, as a programmer you never guess. You always
>>>>>> check...notice I
>>>>>> said good programmer....
>>>>>>
>>>>>>
>>>>>
>>>>> You know, it is humorous, almost cute, the extent you will go to
>>>>> in order to be able to say "MS, you screwed up" while yet claiming
>>>>> it is in the service of informing.
>>>>>
>>>>
>>>>
>>>> The only thing more humorous is the length you will go to in defense of
>>>> Microsoft. Even when, it is illogical and down right BS at times. I can
>>>> honestly say that I will criticize Apple or Linux when they screw up.
>>>> Why
>>>> should I be lighter on Microsoft?
>>>>
>>>> You on, the other hand, try to shamefully redirect the topic by labling
>>>> me and others as "Microsoft haters". What are you so afraid of? Bad
>>>> press
>>>> for Microsoft? They are "big boys" and can defend themselves....
>>>>
>>>> Next time stick on the topic....everyone knows your game anyway.
>>>>
>>>> Imhotep
>>>>
>>>
>>> I am fearless.
>>> I dare you to find in any archive where I have called you "Microsoft
>>> hater".
>>>
>>> I criticize MS very heavily and quite often, where/when deserved.
>>> I hold no patience with BS and slurred meaning/intents.
>>> I have no problem attempting to dispell such illusions when presented.
>>>
>>> You do not believe I have just stated the truth.
>>> But I really do not care.
>>
>> ...then why did you reply?
>>
>
> Obviously because this forum speaks to more than just you..


Did I hurt your ego???

--Imhotep

Re: Microsoft patch opens users to attack

Post removed (X-No-Archive: yes)