#1
M$ knew that the Wannacrypt vulnerability had gone public in January

And waited almost 2 months to issue patches for Win 7 and 10, and 3 months for XP.

https://www.theinquirer.net/inquirer...ry-xp-patching
https://www.theregister.co.uk/2017/0...ing_flaws_too/

Patches that were apparently compiled in early February.

I wonder why ?
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

#2
M$ knew that the Wannacrypt vulnerability had gone public in January

On 5/17/2017 5:40 PM, Shadow wrote:
> And waited almost 2 months to issue patches for Win 7 and 10, and 3 months for XP.
[...]
> Patches that were apparently compiled in early February.
> I wonder why ?
> []'s

Why not? It's the USER'S responsibility to make unsupported OS versions secure as well as to keep supported versions up-to-date. Those that choose to do otherwise suffer the consequences, and we'll see whether they learn anything from this episode or continue to point fingers.

--
best regards,
Neil

#3
M$ knew that the Wannacrypt vulnerability had gone public in January

On 17/05/2017 22:40, Shadow wrote:
> Patches that were apparently compiled in early February.
> I wonder why ?
> []'s

Because Microsoft is still providing support of XP to anybody (mainly big corporations and Governments) who is prepared to pay for the service. Therefore, the patch was already prepared for them but out of loyalty decided to release it for the general public to patch up their old xp machines just for the attack that took place last week. No big surprise in this don't you think so?

--
With over 500 million devices now running Windows 10, customer satisfaction is higher than any previous version of windows.

#4
M$ knew that the Wannacrypt vulnerability had gone public in January

On Wed, 17 May 2017 17:57:38 -0400, Neil wrote:
> On 5/17/2017 5:40 PM, Shadow wrote:
>> And waited almost 2 months to issue patches for Win 7 and 10, and 3 months for XP.
> [...]
>> Patches that were apparently compiled in early February.

As shown here (you deleted the links):
https://www.theinquirer.net/inquirer...ry-xp-patching
https://www.theregister.co.uk/2017/0...ing_flaws_too/

>> I wonder why ?
>> []'s
> Why not? It's the USER'S responsibility to make unsupported OS versions secure as well as to keep supported versions up-to-date. Those that choose to do otherwise suffer the consequences, and we'll see whether they learn anything from this episode or continue to point fingers.

All those words must be tough ....
MS was warned in JANUARY that their backdoor had gone public and was being exploited. They compiled patches for Win 7 and 10 in early FEBRUARY, but only released them to users in MARCH. IOW, lusers that "keep supported versions up to date" were vulnerable for TWO months. Please read the reports before commenting.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

#5
M$ knew that the Wannacrypt vulnerability had gone public in January

"Shadow" wrote
| Patches that were apparently compiled in early February.
|
| I wonder why ?

Patches compiled in Feb and included in the March update. Doesn't that make sense?

The XP issue is interesting, though. The NSA have turned into blackhats. Meanwhile MS criticizes them for not reporting the bug. Yet MS routinely withhold patches from XP (and now apparently also from Win7 with newer CPUs). And they're famous for stalling on patches until someone like Google goes public with them. They make all the patches for XP, and they sell them to companies willing to pay through the nose. But they won't sell them at any price to the general public because they want to push people to buy new computers.

Wannacry has shed a lot of light on a lot of dark, stinky corners of both gov't and tech companies. I was surprised at how much MS are extorting from the British health centers for XP support: $200 for year 1, then that doubles each year. No wonder the Brits were trying to get by without paying for support.

#6
M$ knew that the Wannacrypt vulnerability had gone public in January

On 18-May-17 1:39 AM, Mayayana wrote:
> Wannacry has shed a lot of light on a lot of dark, stinky corners of both gov't and tech companies.

Beautifully put.

#7
M$ knew that the Wannacrypt vulnerability had gone public in January

On 05/18/17 00:28, Good Guy wrote:
> On 17/05/2017 22:40, Shadow wrote:
>> Patches that were apparently compiled in early February.
>> I wonder why ?
>> []'s
> Because Microsoft is still providing support of XP to anybody (mainly big corporations and Governments) who is prepared to pay for the service. Therefore, the patch was already prepared for them but out of loyalty decided to release it for the general public to patch up their old xp machines just for the attack that took place last week. No big surprise in this don't you think so?

They only released it so their own stock price wouldn't fall like a stone, as it would if they kept the internet in chaos and let wannacry keep on infecting machines.

#8
M$ knew that the Wannacrypt vulnerability had gone public in January

On 5/17/2017 7:29 PM, Shadow wrote:
> On Wed, 17 May 2017 17:57:38 -0400, Neil wrote:
>> On 5/17/2017 5:40 PM, Shadow wrote:
>>> And waited almost 2 months to issue patches for Win 7 and 10, and 3 months for XP.
>> [...]
>>> Patches that were apparently compiled in early February.
> As shown here (you deleted the links):
> https://www.theinquirer.net/inquirer...ry-xp-patching
> https://www.theregister.co.uk/2017/0...ing_flaws_too/
>>> I wonder why ?
>>> []'s
>> Why not? It's the USER'S responsibility to make unsupported OS versions secure as well as to keep supported versions up-to-date. Those that choose to do otherwise suffer the consequences, and we'll see whether they learn anything from this episode or continue to point fingers.
> All those words must be tough ....
> MS was warned in JANUARY that their backdoor had gone public and was being exploited. They compiled patches for Win 7 and 10 in early FEBRUARY, but only released them to users in MARCH. IOW, lusers that "keep supported versions up to date" were vulnerable for TWO months. Please read the reports before commenting.
> []'s

Your premise is quite clear...without any clue as to why it might take a couple of weeks for a company to release an update, you merely complain that they didn't. Whatever you think might be the point of such "reports", IMO, it's neither informative nor useful information.

--
best regards,
Neil

#9
M$ knew that the Wannacrypt vulnerability had gone public in January

Neil wrote:
> On 5/17/2017 7:29 PM, Shadow wrote:
>> On Wed, 17 May 2017 17:57:38 -0400, Neil wrote:
>>> On 5/17/2017 5:40 PM, Shadow wrote:
>>>> And waited almost 2 months to issue patches for Win 7 and 10, and 3 months for XP.
>>> [...]
>>>> Patches that were apparently compiled in early February.
>> As shown here (you deleted the links):
>> https://www.theinquirer.net/inquirer...ry-xp-patching
>> https://www.theregister.co.uk/2017/0...ing_flaws_too/
>>>> I wonder why ?
>>>> []'s
>>> Why not? It's the USER'S responsibility to make unsupported OS versions secure as well as to keep supported versions up-to-date. Those that choose to do otherwise suffer the consequences, and we'll see whether they learn anything from this episode or continue to point fingers.
>> All those words must be tough ....
>> MS was warned in JANUARY that their backdoor had gone public and was being exploited. They compiled patches for Win 7 and 10 in early FEBRUARY, but only released them to users in MARCH. IOW, lusers that "keep supported versions up to date" were vulnerable for TWO months. Please read the reports before commenting.
>> []'s
> Your premise is quite clear...without any clue as to why it might take a couple of weeks for a company to release an update, you merely complain that they didn't. Whatever you think might be the point of such "reports", IMO, it's neither informative nor useful information.

A lot of testing has to go into SMB changes. SMB has "versions" and "dialects", and has to be matrix tested against all the OSes. I'm sure whatever they use for a test suite, hasn't been taken apart and destroyed in the name of purity. Still, it's going to take a while to test and make sure the patches don't break anything.

I still haven't seen any comments from WePOS users, as to whether they got a patch or not automatically. And at what point in time.

Paul

#10
M$ knew that the Wannacrypt vulnerability had gone public in January

On Thu, 18 May 2017 08:43:38 -0400, Neil wrote:
> On 5/17/2017 7:29 PM, Shadow wrote:
>> On Wed, 17 May 2017 17:57:38 -0400, Neil wrote:
>>> On 5/17/2017 5:40 PM, Shadow wrote:
>>>> And waited almost 2 months to issue patches for Win 7 and 10, and 3 months for XP.
>>> [...]
>>>> Patches that were apparently compiled in early February.
>> As shown here (you deleted the links):
>> https://www.theinquirer.net/inquirer...ry-xp-patching
>> https://www.theregister.co.uk/2017/0...ing_flaws_too/
>>>> I wonder why ?
>>>> []'s
>>> Why not? It's the USER'S responsibility to make unsupported OS versions secure as well as to keep supported versions up-to-date. Those that choose to do otherwise suffer the consequences, and we'll see whether they learn anything from this episode or continue to point fingers.
>> All those words must be tough ....
>> MS was warned in JANUARY that their backdoor had gone public and was being exploited. They compiled patches for Win 7 and 10 in early FEBRUARY, but only released them to users in MARCH. IOW, lusers that "keep supported versions up to date" were vulnerable for TWO months. Please read the reports before commenting.
>> []'s
> Your premise is quite clear...without any clue as to why it might take a couple of weeks for a company to release an update, you merely complain that they didn't. Whatever you think might be the point of such "reports", IMO, it's neither informative nor useful information.

TWO MONTHS is not a "couple of weeks". Maybe you use a different calendar. And they could have released a 'notice' warning about the SMB issue, so IT techs could have minimized the impact of the exploit, which hit Win 7 and 10.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

#11
M$ knew that the Wannacrypt vulnerability had gone public in January

On 5/18/2017 9:37 AM, Shadow wrote:
> On Thu, 18 May 2017 08:43:38 -0400, Neil wrote:
>> On 5/17/2017 7:29 PM, Shadow wrote:
>>> On Wed, 17 May 2017 17:57:38 -0400, Neil wrote:
>>>> On 5/17/2017 5:40 PM, Shadow wrote:
>>>>> And waited almost 2 months to issue patches for Win 7 and 10, and 3 months for XP.
>>>> [...]
>>>>> Patches that were apparently compiled in early February.
>>> As shown here (you deleted the links):
>>> https://www.theinquirer.net/inquirer...ry-xp-patching
>>> https://www.theregister.co.uk/2017/0...ing_flaws_too/
>>>>> I wonder why ?
>>>>> []'s
>>>> Why not? It's the USER'S responsibility to make unsupported OS versions secure as well as to keep supported versions up-to-date. Those that choose to do otherwise suffer the consequences, and we'll see whether they learn anything from this episode or continue to point fingers.
>>> All those words must be tough ....
>>> MS was warned in JANUARY that their backdoor had gone public and was being exploited. They compiled patches for Win 7 and 10 in early FEBRUARY, but only released them to users in MARCH. IOW, lusers that "keep supported versions up to date" were vulnerable for TWO months. Please read the reports before commenting.
>>> []'s
>> Your premise is quite clear...without any clue as to why it might take a couple of weeks for a company to release an update, you merely complain that they didn't. Whatever you think might be the point of such "reports", IMO, it's neither informative nor useful information.
> TWO MONTHS is not a "couple of weeks". Maybe you use a different calendar. And they could have released a 'notice' warning about the SMB issue, so IT techs could have minimized the impact of the exploit, which hit Win 7 and 10.
> []'s

Your "warning" notion reminds me of those commercials where the "problem monitor" informs the person of a problem, but it isn't his job to provide a fix.

My calendar puts February ONE MONTH before March, which means it was a matter of WEEKS between developing the patch and its distribution to Win10 users in Mid-March. Do you have any clue what it takes to do that? I think not.

--
best regards,
Neil

#12
M$ knew that the Wannacrypt vulnerability had gone public in January

On 5/18/2017 9:11 AM, Paul wrote:
> Neil wrote:
>> On 5/17/2017 7:29 PM, Shadow wrote:
>>> On Wed, 17 May 2017 17:57:38 -0400, Neil wrote:
>>>> On 5/17/2017 5:40 PM, Shadow wrote:
>>>>> And waited almost 2 months to issue patches for Win 7 and 10, and 3 months for XP.
>>>> [...]
>>>>> Patches that were apparently compiled in early February.
>>> As shown here (you deleted the links):
>>> https://www.theinquirer.net/inquirer...ry-xp-patching
>>> https://www.theregister.co.uk/2017/0...ing_flaws_too/
>>>>> I wonder why ?
>>>>> []'s
>>>> Why not? It's the USER'S responsibility to make unsupported OS versions secure as well as to keep supported versions up-to-date. Those that choose to do otherwise suffer the consequences, and we'll see whether they learn anything from this episode or continue to point fingers.
>>> All those words must be tough ....
>>> MS was warned in JANUARY that their backdoor had gone public and was being exploited. They compiled patches for Win 7 and 10 in early FEBRUARY, but only released them to users in MARCH. IOW, lusers that "keep supported versions up to date" were vulnerable for TWO months. Please read the reports before commenting.
>>> []'s
>> Your premise is quite clear...without any clue as to why it might take a couple of weeks for a company to release an update, you merely complain that they didn't. Whatever you think might be the point of such "reports", IMO, it's neither informative nor useful information.
> A lot of testing has to go into SMB changes. SMB has "versions" and "dialects", and has to be matrix tested against all the OSes. I'm sure whatever they use for a test suite, hasn't been taken apart and destroyed in the name of purity. Still, it's going to take a while to test and make sure the patches don't break anything.
> I still haven't seen any comments from WePOS users, as to whether they got a patch or not automatically. And at what point in time.
> Paul

Some get it, others not so much. Users of a poorly maintained or unsupported OS are in no position to whine about the time it took to get a free fix. Priorities have an impact on such things.

--
best regards,
Neil

#13
M$ knew that the Wannacrypt vulnerability had gone public in January

J.O. Aho wrote:
> On 05/18/17 00:28, Good Guy wrote:
>> On 17/05/2017 22:40, Shadow wrote:
>>> Patches that were apparently compiled in early February.
>>> I wonder why ?
>>> []'s
>> Because Microsoft is still providing support of XP to anybody (mainly big corporations and Governments) who is prepared to pay for the service. Therefore, the patch was already prepared for them but out of loyalty decided to release it for the general public to patch up their old xp machines just for the attack that took place last week. No big surprise in this don't you think so?
> They only released it so their own stock price wouldn't fall like a stone, as it would if they kept the internet in chaos and let wannacry keep on infecting machines.

Microsoft commits to supporting an OS for a fixed period. Sometimes the period is extended, to help their bigger customers. (In the same way as SunOS 4.1 support was dragged on a bit, because of the situation on the installed base.)

When Microsoft really wants to commit to something, it is put in writing on the web site. Any time they want to flim-flam customers, they have their "partners", like Andre Costas write an article. When Andre says something, the lawyers can later refute what was said. But the Lifecycle is defined on the Microsoft website.

If you use WinXP after April 2014, it is up to you as the customer, to understand the consequences. That's why they put that annoying "End Of Life" banner via Windows Update around that time, as an "official" warning to the less-motivated customers. If you knew the banner was incoming on Windows Update, you could avoid installing it.

Sure their stock price could fall. But there have been other issues, for which Microsoft did not patch WinXP (if you're lucky, maybe WePOS got a patch), so I don't see anything really different here. If you want to "go rogue" with your copy of WinXP, they're not stopping you. Any more than they're stopping Win98 users from using that OS. Did Win98 get patched ?

I don't think it's stock price. It's "Enterprise support" that's driving the decision. They're not doing this for NHS, they're doing this for companies that run a clean shop and still have legacy machines present.

*******

And to show what a half job of this they're doing, 4012598 is *not* showing up in Windows Update. If you reinstall WinXP today, you will *not* get patched by just using Windows Update. I used wsusoffline 9.2.1 a few minutes ago, and it's obvious the wsusscn2 file that wsusoffline uses, is "frozen in size". That means the WinXP patch train right now, is "frozen" in some way.

So the patch that was made available, was not done properly. The patch file is available from catalog.update.microsoft.com (to suit IT departments), but for lazy home users, you don't get this one by sitting on your ass. Anyone who reinstalls the OS now, has to remember "oh yeah, don't forget to add 4012598".

I hardly see this level of service as "saving the stock price". They extended this olive branch, to keep some Enterprise customer from freaking out. This doesn't look like a "home user freebie" to me, because the usual delivery mechanism is now busted.

Wsusoffline pulls in the whole wsusscn2.cab file, just like MBSA 2.3 does. That would suggest (I haven't tested this), that if you scan a vulnerable WinXP machine with MBSA 2.3, it *cannot* detect that 4012598 is missing. The onus is on the user to do this *manually*. Hardly any face is being saved, by doing it this way.

Paul
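
Post #13 above says 4012598 is not offered through Windows Update and that a wsusscn2-based scan may not report it as missing, so its presence has to be verified by hand. The following is an added example, not code from any poster in this thread: it audits a hotfix inventory for that one update. It assumes the list was collected with `wmic qfe` in CSV form and already decoded to text, and that the update is recorded there under its KB number; the host names, dates and other KB numbers are constructed.

```python
import csv
import io
import re

REQUIRED_KB = "KB4012598"  # update number named in the post above
# Constructed sample, not real data: decoded text of
#   wmic qfe get HotFixID,InstalledOn /format:csv
# from several hypothetical hosts, concatenated. Other KB numbers are made up.
SAMPLE_EXPORT = """
Node,HotFixID,InstalledOn
XP-FRONTDESK,File 1,
XP-FRONTDESK,KB9990001,3/14/2014
XP-FRONTDESK,KB4012598,5/15/2017

Node,HotFixID,InstalledOn
XP-LAB01,File 1,
XP-LAB01,KB9990001,4/8/2014
xp-kiosk,kb4012598 ,5/16/2017
"""

_KB_RE = re.compile(r"^(?:KB)?(\d{6,7})$", re.IGNORECASE)


def normalize_kb(raw):
    """Return 'KB<digits>' for a hotfix ID, or None for junk such as 'File 1'."""
    m = _KB_RE.match(raw.strip())
    return "KB" + m.group(1) if m else None


def parse_export(text):
    """Map upper-cased host name -> set of normalized KB IDs it reported."""
    inventory = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or row[0].strip().lower() == "node":
            continue  # blank line or repeated header
        kbs = inventory.setdefault(row[0].strip().upper(), set())
        kb = normalize_kb(row[1])
        if kb:
            kbs.add(kb)
    return inventory


def audit(text, expected_hosts, required=REQUIRED_KB):
    """Classify every expected host; a host with no rows is not assumed patched."""
    inventory = parse_export(text)
    result = {"patched": [], "missing": [], "no_data": []}
    for host in sorted(h.upper() for h in expected_hosts):
        if host not in inventory:
            result["no_data"].append(host)
        elif required in inventory[host]:
            result["patched"].append(host)
        else:
            result["missing"].append(host)
    return result


if __name__ == "__main__":
    hosts = ["XP-FRONTDESK", "XP-LAB01", "XP-KIOSK", "XP-WAREHOUSE"]
    print(audit(SAMPLE_EXPORT, hosts))
```

Hosts that returned no rows are reported separately as `no_data`, since a missing inventory says nothing about whether the update is installed.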

#14
M$ knew that the Wannacrypt vulnerability had gone public in January

In message , Neil writes:
> On 5/18/2017 9:11 AM, Paul wrote:
[]
>> I still haven't seen any comments from WePOS users, as to whether they got a patch or not automatically. And at what point in time.
>> Paul
> Some get it, others not so much. Users of a poorly maintained or unsupported OS are in no position to whine about the time it took to get a free fix. Priorities have an impact on such things.

I saw no whine in what Paul said.

--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf
If you believe in telekinesis, raise my right hand

#15
M$ knew that the Wannacrypt vulnerability had gone public in January

On 5/18/2017 4:34 PM, J. P. Gilliver (John) wrote:
> In message , Neil writes:
>> On 5/18/2017 9:11 AM, Paul wrote:
> []
>>> I still haven't seen any comments from WePOS users, as to whether they got a patch or not automatically. And at what point in time.
>>> Paul
>> Some get it, others not so much. Users of a poorly maintained or unsupported OS are in no position to whine about the time it took to get a free fix. Priorities have an impact on such things.
> I saw no whine in what Paul said.

Since Paul is one of the least likely contributors on this ng to have a poorly maintained computer, why do you think my comment referred to him? Or, were you trying to warp the discussion in a particular direction by snipping the relevant parts?

--
best regards,
Neil