Yo! Microsoft! Did you hear that?

[polm]

http://isc.sans.org/

This was in the handler's diary from yesterday :

Yo! Microsoft!
This past weekend saw yet another round of attacks aimed at unpatched vulnerabilities in Microsoft's Internet Explorer. The so-called "Bofra" incident targets an unpatched issue with IE's handling of malicious IFRAMEs. While users of Windows XP with Service Pack #2 applied are immune (and, to answer Marc's question from yesterday's diary, this immunity appears to be a result of a change in the actual code underlying IE, not simply a matter of changes to the default security settings...) those who are not running XP and those who are unable or unwilling to apply SP2 have been left unprotected.

There is a saying: Nature abhors a vacuum. If that's true, inaction on the part of the folks in Redmond must really have Nature's undies in a bunch. Understandably enough, several independent developers have stepped into this Microsoftian-void and are now selling "unofficial" patches on the 'net for unaddressed vulnerabilities in IE, including fixes for the very IFRAME vulnerability exploited by Bofra.

Yo! Microsoft! What don't you get? People are so scared to surf with an unpatched IE that they're shelling out cold, hard cash to third-parties for a level of "Trustworthy Computing" that you should be providing. It's time to step up to the plate. Do you hear? Hello?

End users: While we can understand your frustration, we cannot recommend that you use these "unofficial," third-party patches. Applying these patches will almost certainly cause Microsoft to refuse responsibility for support going forward and using these patches could cause issues with updating your system when "official" patches finally become available.

If you find yourself in a situation where you're unable or unwilling to upgrade your system to XPSP2, there is one third-party security patch to IE that we can wholeheartedly recommend: it's called FireFox (or Netscape, or Opera, or...).

Yo! Microsoft! Did you hear that?

 

[MrChad]

Yo! SP2 has been out for months! Did you hear that? 😛

 

[InlineFive]

Originally posted by: MrChad
Yo! SP2 has been out for months! Did you hear that? 😛

I would install it sooner then later.

 

[FoBoT]

SP2 works fine and so does Firefox

no worries here

 

[arod]

Anybody who runs XP and doesnt use SP2 is a moron.... The whole reason for windows updates/Service Packs was so they wouldnt have to release a new patch for every new security flaw.

 

[Fritzo]

I run into a bunch of people that are paranoid about MS patches saying "I don't need no patch- it'll cause more problems than it'll solve. I'm not having any problems!." Then they call me because they caught a virus and blame Microsoft for thier buggy unsecure software. Morons.

 

[Descartes]

Originally posted by: PorBleemo

Originally posted by: MrChad
Yo! SP2 has been out for months! Did you hear that? 😛

I would install it sooner then later.

If you install it sooner, then how how can you do so later? 😀

 

[neonerd]

Originally posted by: arod
Anybody who runs XP and doesnt use SP2 is a moron.... The whole reason for windows updates/Service Packs was so they wouldnt have to release a new patch for every new security flaw.

yup, and if you do have a problem downloading it, you can get it free on cd from them

 

[Ameesh]

Yo! MTV Raps!

 

[ultimatebob]

Originally posted by: MrChad
Yo! SP2 has been out for months! Did you hear that? 😛

Yo yourself! SP2 has known incompatibilities with half a dozen applications on my laptop, most of which I NEED to use for work. I'm not putting that shizzy on my computer until they FIX it.

 

[NogginBoink]

Yes, Microsoft hears. Trust me, they do.

And bob, Microsoft isn't going to fix app incompatibilities, the application vendor will have to change their applications to run on SP2. Most of the apps that don't work under SP2 were insecure to begin with and SP2 just makes the insecure behavior no longer work.

 

[EagleKeeper]

SP2 screwed up my laptop for internet access.

Lappy is for work and $$.

I will just not browse with it, excepted for sites that I trust.

Will use the standard system for exploration using W2K

 

[Adul]

there is a free patch its called firefox 😀

 

[Ameesh]

Originally posted by: NogginBoink
Yes, Microsoft hears. Trust me, they do.

And bob, Microsoft isn't going to fix app incompatibilities, the application vendor will have to change their applications to run on SP2. Most of the apps that don't work under SP2 were insecure to begin with and SP2 just makes the insecure behavior no longer work.

bob is too dumb to understand that

 

[Injury]

Yo! Polm! WRONG FVCKING FORUM.

 

[rbrandon]

Originally posted by: ultimatebob

Originally posted by: MrChad
Yo! SP2 has been out for months! Did you hear that? 😛

Yo yourself! SP2 has known incompatibilities with half a dozen applications on my laptop, most of which I NEED to use for work. I'm not putting that shizzy on my computer until they FIX it.

Call the tech support for those programs. SP2 Betas have been out for over six months, along with Pre-Release SP2's which came out over the summer. If they haven't fixed their programs yets its noone elses' fault but their own




Put the blame on the people who deserve it, not Microsoft.

 

[bluehorizon]

Originally posted by: Fritzo
I run into a bunch of people that are paranoid about MS patches saying "I don't need no patch- it'll cause more problems than it'll solve. I'm not having any problems!." Then they call me because they caught a virus and blame Microsoft for thier buggy unsecure software. Morons.

:thumbsup:

 

[DOSfan]

Originally posted by: arod
Anybody who runs XP and doesnt use SP2 is a moron.... The whole reason for windows updates/Service Packs was so they wouldnt have to release a new patch for every new security flaw.

SP2 has been known to have unstable "inequities" with some systems.

Not all of them are software based either.

At least two people I know have had thier systems crash on bootup after installing SP2.

Yes, even right after a fresh install.

Of course, these two are most likely the exception to the rule.....

But I would hardly think they are morons.

Wouldn't you agree arod?

Originally posted by: Ameesh

Originally posted by: NogginBoink
Yes, Microsoft hears. Trust me, they do.

And bob, Microsoft isn't going to fix app incompatibilities, the application vendor will have to change their applications to run on SP2. Most of the apps that don't work under SP2 were insecure to begin with and SP2 just makes the insecure behavior no longer work.

bob is too dumb to understand that

Or perhaps he would rather just keep working like he always has, and maybe install a "fix" in the lines of FireFox, Opera, Hetscape, Mozilla, whatever.

But of course, his intelligence is the only real problem. Right?

Originally posted by: rbrandon

Originally posted by: ultimatebob

Originally posted by: MrChad
Yo! SP2 has been out for months! Did you hear that? 😛

Yo yourself! SP2 has known incompatibilities with half a dozen applications on my laptop, most of which I NEED to use for work. I'm not putting that shizzy on my computer until they FIX it.

Call the tech support for those programs. SP2 Betas have been out for over six months, along with Pre-Release SP2's which came out over the summer. If they haven't fixed their programs yets its noone elses' fault but their own




Put the blame on the people who deserve it, not Microsoft.

Perhaps I missed it... But I do not see any blame being laid here. Now responsibility is being incorrectly placed on Microsoft.... But that is different than blame.

EDIT: Edited for Mo0o.

 

[Mo0o]

Originally posted by: DOSfan

Originally posted by: arod
Anybody who runs XP and doesnt use SP2 is a moron.... The whole reason for windows updates/Service Packs was so they wouldnt have to release a new patch for every new security flaw.

SP2 has been known to have unstable "inequities" with some systems.

Not all of them are software based either.

At least two people I know have had thier systems crash on bootup after installing SP2.

Yes, even right after a fresh install.

Of course, these two are most likely the exception to the rule.....

But I would hardly think they are morons.

Wouldn't you agree arod?

Originally posted by: Ameesh

Originally posted by: NogginBoink
Yes, Microsoft hears. Trust me, they do.

And bob, Microsoft isn't going to fix app incompatibilities, the application vendor will have to change their applications to run on SP2. Most of the apps that don't work under SP2 were insecure to begin with and SP2 just makes the insecure behavior no longer work.

bob is too dumb to understand that

Or perhaps he would rather just keep working like he always has, and maybe install a "fix" in the lines of FireFox, Opera, Hetscape, Mozilla, whatever.

But of course, his intelligence is the only real problem. Right?

Originally posted by: rbrandon

Originally posted by: ultimatebob

Originally posted by: MrChad
Yo! SP2 has been out for months! Did you hear that? 😛

Yo yourself! SP2 has known incompatibilities with half a dozen applications on my laptop, most of which I NEED to use for work. I'm not putting that shizzy on my computer until they FIX it.

Call the tech support for those programs. SP2 Betas have been out for over six months, along with Pre-Release SP2's which came out over the summer. If they haven't fixed their programs yets its noone elses' fault but their own




Put the blame on the people who deserve it, not Microsoft.

Perhaps I missed it... But I do not see any blame being laid here. Now responcibilty is being incorrectly placed on Microsoft.... But that is different than blame.

Ok normally im not a spelling nazi but if you're going to be underlining words atleast make sure those are spelled correctly. "Responsibility"

 

[luvya]

I just keep my anti-virus currentt, no SP2 installed yet. So far no problem.