[thelist] New Critical Security Patch for Windows....

Anthony Baratta anthony at baratta.com
Wed Feb 11 10:48:34 CST 2004

At 05:01 AM 2/11/2004, Eveline wrote:
>I don't know if you have heard, but Microsoft already knew about this 
>issue, 6 months ago.... The
>security company which discovered the problem, had to promise Microsoft 
>not to go public with this
>until they had a solution.....
>Nice practises, isn't it......

Yup - read that.

Such a delay just makes it even more important to patch immediately. If 
someone found the hole 6 months ago and you take into consideration the 
number of people pounding on the OS looking for hole - someone (or several 
someone's) are bound to discover the hole independently and they might not 
be working for the good guys.

There are real zero-day* exploits floating around out there, if you 
own/manager/admin a server no matter what the OS you have to keep up with 
the patches. And keep an ear to the ground on non-public security holes.

Of course you also need to practice safe hex and minimize the access points 
in your machine by turning off all non-essential services.

* A Zero-Day exploit is an unknown/non-public security hole that is being 
used by crackers to gain access to machines. 

Anthony Baratta
Keyboard Jockeys

"Conformity is the refuge of the unimaginative."

More information about the thelist mailing list