[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]

On Wed, 17 Aug 2005, Micheal Espinola Jr wrote:

> >From my perspective, developing a patch and applying a patch are two
> different life cycles.  I'm no developer, but I know what it takes to
> properly test and roll-out patches within my (current and previous)
> organization(s).
>
> I don't pretend to believe that all patches are the same, but this PnP
> patch is one of the less difficult to deal with in terms of a
> roll-out.  I truly believe this recent worm could have been avoided if
> MS05-039 was taken more seriously.

Isn't this like the second or third time M$ has been bitten by pnp within
the past say two to three years?  So, is this an example of the M$
tendency to not fully patch the affected system/service, but to only
address a "current" potential which has been a thing that's bitten them in
the past many many times as well?


>
> I cannot say as to why MS hasn't addressed any other outstanding
> issues.  While it's a valid concern of mine as well, it really doesn't
> relate to the discussion regarding the MS05-039 fiasco.
>


Perhaps it does realte considering the above and considering that the unix
world learned many of the evils of RCP services over ten years ago that
seem to hit the M$ realm every few months, repeatedly...


Thanks,

Ron DuFresne
-- 
"Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back." --B.B. King
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/