RE: Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)

From: John Howie (JHowieat_private)
Date: Thu Feb 06 2003 - 08:01:58 PST


    Jason,
    
    > I've proposed to Microsoft that they stop publishing Mitigating Factors in
    > their security bulletins, and now it looks necessary to propose the same in
    > a more open forum.
    >
    
    I disagree. From a risk perspective you need to know mitigating factors.
    To kill the hype that accompanies a newly discovered vulnerability you
    need a cool, dispassionate, overview of the problem. Your sample
    'aggravating' factor was anything but, and would be more likely to add
    to the hype.
    
    I think your decision to ask Microsoft first is a sign of your
    prejudice, why not ask the Open Source communities to lead the way? I
    can see it now: "WARNING: By using Open Source code anyone can modify
    the source, replace your binaries, and completely root your system!"
    
    John Howie CISSP MCSE
    President, Security Toolkit LLC
    


