Re: New M$ vulnerability patch for Windows

["Jim Franz" <franz400@xxxxxxxxxxxx>]

> other than a buffer overrun flaw in Windows Messenger Service, why would a
> user need to block access to it?

With a multitude of Cert Advisories with phrases like "denial of service",
"allow an intruder to execute arbitrary code". These are simple script
kiddie attacks. There has not been one problem with Messenger, but now
years of problems. It serves no useful purpose, other than to let the vendor
(MS) and anyone else with the skill, into your pc.
It's a perfect example of Windoze features with no clue as to their effect
in
the wild.
Soon MS will try to convince us that only they can keep your pc and network
secure, with automatic updates. And they will screw that up too.
jim

> >Here is a good example.  the Windows Messenger Service.    People can
> >interface it over the internet and display pop ups on your computer.  It
> >isn't a "bug" so there is no patch to prevent it.  You actually need to
> >either uninstall windows messenger or have a firewall to block the ports.
>
> other than a buffer overrun flaw in Windows Messenger Service, why would a
> user need to block access to it?  If the protocol server, even FTP, does
> what it is designed to do, why does access to it have to be completely
> blocked?
>
> I just question if we are all overreacting because we are not aware of the
> details of how things work.
>
> -Steve
>
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>