RE: [ISN] PATCH DELAY? Buffer Overflow in UPnP Service On Microsoft Windows

From: InfoSec News (isnat_private)
Date: Fri Dec 28 2001 - 20:13:44 PST

  • Next message: InfoSec News: "Re: [ISN] Defacements/Server Compromise, Some Companies Simply Don't Care"

    Forwarded from: McDonald Patrick <mcdonald_patrickat_private>
    I don't have an issue with how long Microsoft took to issue.  I have
    issue with Microsoft not notifying their customers.  How many people
    could have been exploited and never known?  Microsoft could have taken
    their sweet time as long they advise the consumer on how to protect
    themselves until the patch was loaded.
    -----Original Message-----
    From: owner-isnat_private [mailto:owner-isnat_private]On Behalf Of
    InfoSec News
    Sent: Thursday, December 27, 2001 11:12 PM
    To: isnat_private
    Subject: [ISN] PATCH DELAY? Buffer Overflow in UPnP Service On Microsoft
    Forwarded from: mrs_aida_capistranoat_private
    Cc: marcat_private
    Hi there,
    I posted this to the main security lists today, but no one seems interested.
    Chris at suggest I send it to attrition and I am copying Marc,
    in case he wishes to verify this chain of events or not. One can never tell
    if Microsoft is telling the truth or not :-(
    Dear Ladies and Gentlemen,
    The following official statement was published in a Microsoft news group on
    the 26th of December 2001 when many participants queried why it took nearly
    two months for a patch to be developed to address the Buffer Overflow in
    UPnP Service On Microsoft Windows
    It does not explain why these defective goods continued to ship for the
    Christmas sales season but might be of interest to people on these security
    mailing lists:
    direct link to news article on the server:
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Sat Dec 29 2001 - 01:12:32 PST