Microsoft has been quick to inform IT pros and the general public about the security issue in nearly every NT-based Windows version out in the wild; however, more details are still lacking.

The bug concerns the Server service, which is found in all NT-based Windows operating systems and is responsible for communication between computers in a Windows-based network. The flaw allows for remote execution of code.

Bink first reported the issue along with a link to the rather small KB article. Since then Microsoft has updated the article (several times?) to provide more information to the public. This additional information raises some questions.

Why are Windows 2000 / XP / 2003 rated "Critical" and why are Vista and 2008 rated "Important"?

Why is there information available on what could happen on Windows 2000 / XP / 2003 systems but not on what could happen to Vista and 2008 systems?

Why are Windows Server 2008 Core installations affected?

Who found this critical flaw? (Internal or external reporting)

How come Windows 7 is affected? (This also confirms the bug is in the deep roots of the NT Server service and that no major overhaul of these types of services is taking place in Windows 7, not that an overhaul was expected.)

The updates are available to all users via Windows Update right now. All systems using the default autoupdate settings should get the patch tonight. For enterprise deployment, please refer to the deployment guide.

Hopefully, once the systems are patched, we will get a glimpse of how this bug works and how a flaw could have existed in a modern and secure system for over 8 years now. More information will be posted as it becomes available.

Source: In House

Comments

 

lgladdy said:

I assumed it wasn't critical on Vista and 2008 because it requires authentication in order to exploit; on the other systems it doesn't and thus is publicly open for exploitation. On Vista you'd have to know the password, or brute force it.

October 23, 2008 9:51 PM
 

xMorpheousx416 said:

I wouldn't assume anything when it comes to Microsoft's way of playing down a situation.

Vista and 2008 are a multi-billion dollar investment... they won't act fast to push the panic button when an exploit is found.. and in fact, they truly never have.  Would you, if doing so made your taunting of a "more" secure system suffer yet another black eye?

On top of that.. if you label an aging OS as "critical" and scream to the world.. "you need this patch now!!!"  you just might get some of them to look at Vista and say, "we need to upgrade so we're not as vulnerable".   When, you still would be.  

Scare tactics, are business tactics.

XP may be six years old this year.. but it's stable, it works the way it was intended.. but it still has its weak points.  Vista may have more secure features, but no one said it was truly a different OS.  The proof is in the pudding with the prime example right here!!

If MS stated from the beginning that Vista was "all new code".. they lied.  Problem really is.. is that strict Windows fanatics will believe anything they are told and fight to the bitter end as they watch their Vista OS crumble to the ground from an exploit that is over eight years old.

Windows 7?  How many times are you going to buy the same OS with a different paint job?  

Know the password or brute force?  I don't think so... I've watched malware programs completely annihilate Vista right in front of me, and not once did I see the UAC stop it from happening.  

October 24, 2008 6:50 PM

About MBrant

Bink.nu crewmember - MCITP and MCTS on Windows 2008 R2 http://www.martijnbrant.net/
Bink.nu 3.0. Copyright © 1999-2012 Steven Bink. All Rights Reserved.
Microsoft and Microsoft logo's are trademarks of Microsoft Corporation.