PDA

View Full Version : Re: Microsoft Security Bulletin MS03-010 - 331953

Duncan Hsu
March 26th 03, 09:57 PM
The article explains why NT 4 patch is not available.
But I think this show MS' attitudes that they will
never put security as their number 1 priority.

Duncan

"Jerry Bryant [MSFT]" > wrote in message >...
> Title: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks
> (331953)
> Date: March 26, 2003
> Software: Microsoft Windows NT 4; Microsoft Windows 2000; Microsoft Windows
> XP
> Impact: Denial of Service
> Maximum Severity Rating: Important
> Bulletin: MS03-010
>
> The Microsoft Security Response Center has released Microsoft Security
> Bulletin MS03-010
>
> What Is It?
> The Microsoft Security Response Center has released Microsoft Security
> Bulletin MS03-010 which concerns a vulnerability in Windows NT 4, 2000 and
> XP Operating Systems. Customers are advised to review the information in
> the bulletin and test and deploy the patch in their environments, if
> applicable.
>
> More information is now available at
> http://www.microsoft.com/technet/security/bulletin/MS03-010.asp
>
> If you have any questions regarding the patch or its implementation after
> reading the above listed bulletin you should contact Product Support
> Services in the United States at 1-866-PCSafety (1-866-727-2338).
> International customers should contact their local subsidiary.
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
x y, mvp
March 28th 03, 01:26 PM
"Tony Sheppard" > wrote in message
...

> Considering they are now pushing the migration from NT4 to 2003 server
they
> know that people still use it ... and will be for some time.

Yeah, but at some point you have to wonder about people who on the one hand
claim to be security conscious, while on the other hand the software they
are using is way old and support for it is vanishing. Usually this means
that security is NOT the top priority [money or man hours being more
important than security]. The argument that "I'm still on NT because it's
more stable in terms of number of vulnerabilities being found on it" is
holding less and less water.
Duncan Hsu
March 28th 03, 02:22 PM
Check the web site:
http://www.microsoft.com/ntserver/ProductInfo/Availability/Retiring.asp
Accoding to that, MS have promised till Jan 1, 2005.

"Tony Sheppard" > wrote in message >...
> "Robert Moir" > wrote in message
> ...
> > Duncan Hsu wrote:
> > > The article explains why NT 4 patch is not available.
> > > But I think this show MS' attitudes that they will
> > > never put security as their number 1 priority.
> >
> > How long do you think they should continue to provide support for old
> > products? NT4 is what... 7 years old now, 8?
> >
> Don't think on it as "how old is the program?" but rather "when did they
> stop selling it?"
>
> Considering they are now pushing the migration from NT4 to 2003 server they
> know that people still use it ... and will be for some time.
>
> Just my tuppenceworth ...
>
> Tony Sheppard
Google