Microsoft patch opens users to attack
"The flaw, initially thought to only crash Internet Explorer, actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative update to
Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according to
Marc Maiffret, chief hacking officer for the security firm, which notified
Microsoft last week that the issue is exploitable."

news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported S config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.

Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full info,
would not have been mislead in thinking this systemic to more S/IE
combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.

Roger

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer, actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative update
to
Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according to
Marc Maiffret, chief hacking officer for the security firm, which notified
Microsoft last week that the issue is exploitable."

news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported S config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.

Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full info,
would not have been mislead in thinking this systemic to more S/IE
combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.

Roger

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer, actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative update
to
Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according to
Marc Maiffret, chief hacking officer for the security firm, which notified
Microsoft last week that the issue is exploitable."

Roger Abell [MVP] wrote:
news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported S config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.

Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full info,
would not have been mislead in thinking this systemic to more S/IE
combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.

Roger
>
>
>
"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
>Microsoft patch opens users to attack
>>
>"The flaw, initially thought to only crash Internet Explorer, actually
>allows an attacker to run code on computers running Windows 2000 and
>Windows XP Service Pack 1 that have applied the August cumulative update
>to
>Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
>told SecurityFocus on Tuesday. The update, released on August 8, fixed
>eight security holes but also introduced a bug of its own, according to
>Marc Maiffret, chief hacking officer for the security firm, which notified
>Microsoft last week that the issue is exploitable."
>>
>
>>
>
>
>

was already post as re-releasing MS06-042 Tuesday, August 22
with citation to MS site itself

imhotep wrote:
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer, actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative update to
Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according to
Marc Maiffret, chief hacking officer for the security firm, which notified
Microsoft last week that the issue is exploitable."

was already reported in the post
re-releasing MS06-042 Tuesday, August 22

"Jeff B" <jbeard_No-SpAm_1185@adelphia.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:
>news, and as mentioned in a number of prior threads, MS initially
>anticipated releasing updated patch on Aug 22 for W2k Sp4 running
>IE 6 Sp 1, which is the only currently supported S config impacted
>(i.e. update a vulnerable XP to SP2 to become immune to this).
>>
>Again, your provided quote does not make clear that only W2k Sp4
>is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
>that anyone running XP at Sp1 is missing a number of patches (not
>released for Sp1) making this issue relatively unimportant for them.
>>
>Aug 22 the bulletin and KB were updated to advise that issues had
>been found requiring further quality assurance time.
>
>
>>
>If you would provide links to the primary information sources rather
>than only quotes of third-party digests, people would have the full info,
>would not have been mislead in thinking this systemic to more S/IE
>combos, people would have had access to recommendations on what
>to do and that the patch update is "on the way", and I would not have
>needed to correct this.
>>
>Roger
>>
>>
>>
>"imhotep" <imhotep@nospam.netwrote in message
>@adelphia.com
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer, actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative update
to
Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according to
Marc Maiffret, chief hacking officer for the security firm, which
notified
Microsoft last week that the issue is exploitable."


>>
>>
>
was already post as re-releasing MS06-042 Tuesday, August 22
with citation to MS site itself

well yes, but the rerelease did not happen until midday today

Roger Abell [MVP] wrote:

news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported S config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.

Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
Now, without debating if those users should/should not install SP2, the
fact of the matter here was that the patch made them vulnerable

Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full info,
would not have been mislead in thinking this systemic to more S/IE
combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.

BS!!! Re-read my post and you will see the quote:

"running Windows 2000 and Windows XP Service Pack 1"

It is clearly represented. You just do not like slashdot but are not brave
enough to admit it

Imhotep

Roger
>
>
>
"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
>Microsoft patch opens users to attack
>>
>"The flaw, initially thought to only crash Internet Explorer, actually
>allows an attacker to run code on computers running Windows 2000 and
>Windows XP Service Pack 1 that have applied the August cumulative update
>to
>Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
>told SecurityFocus on Tuesday. The update, released on August 8, fixed
>eight security holes but also introduced a bug of its own, according to
>Marc Maiffret, chief hacking officer for the security firm, which
>notified Microsoft last week that the issue is exploitable."
>>
>
>>
>

Roger Abell [MVP] wrote:

Well, guess I better get with the program . . .

was again updated later Aug 23 and now shows that for

the issue some are reporting as (potentially) exploitable,
IE 6 Sp1 without statement limiting to S is impacted.

Is that an apology?
-- Imhotep

Roger Abell [MVP] wrote:

news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported S config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.

Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
Now, without debating if those users should/should not install SP2, the
fact of the matter here was that the patch made them vulnerable

Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full info,
would not have been mislead in thinking this systemic to more S/IE
combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.

BS!!! Re-read my post and you will see the quote:

"running Windows 2000 and Windows XP Service Pack 1"

It is clearly represented. You just do not like slashdot but are not brave
enough to admit it

Imhotep

Roger
>
>
>
"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
>Microsoft patch opens users to attack
>>
>"The flaw, initially thought to only crash Internet Explorer, actually
>allows an attacker to run code on computers running Windows 2000 and
>Windows XP Service Pack 1 that have applied the August cumulative update
>to
>Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
>told SecurityFocus on Tuesday. The update, released on August 8, fixed
>eight security holes but also introduced a bug of its own, according to
>Marc Maiffret, chief hacking officer for the security firm, which
>notified Microsoft last week that the issue is exploitable."
>>
>
>>
>

Roger Abell [MVP] wrote:

Well, guess I better get with the program . . .

was again updated later Aug 23 and now shows that for

the issue some are reporting as (potentially) exploitable,
IE 6 Sp1 without statement limiting to S is impacted.

Is that an apology?
-- Imhotep

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:
>
>Well, guess I better get with the program . . .
>
>was again updated later Aug 23 and now shows that for
>
>the issue some are reporting as (potentially) exploitable,
>IE 6 Sp1 without statement limiting to S is impacted.
>>
>
>
Is that an apology?

No.

An update.

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:
>
>news, and as mentioned in a number of prior threads, MS initially
>anticipated releasing updated patch on Aug 22 for W2k Sp4 running
>IE 6 Sp 1, which is the only currently supported S config impacted
>(i.e. update a vulnerable XP to SP2 to become immune to this).
>>
>Again, your provided quote does not make clear that only W2k Sp4
>is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
>that anyone running XP at Sp1 is missing a number of patches (not
>released for Sp1) making this issue relatively unimportant for them.
>
Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
Now, without debating if those users should/should not install SP2, the
fact of the matter here was that the patch made them vulnerable
>
>
>Aug 22 the bulletin and KB were updated to advise that issues had
>been found requiring further quality assurance time.
>
>
>>
>If you would provide links to the primary information sources rather
>than only quotes of third-party digests, people would have the full info,
>would not have been mislead in thinking this systemic to more S/IE
>combos, people would have had access to recommendations on what
>to do and that the patch update is "on the way", and I would not have
>needed to correct this.
>
BS!!! Re-read my post and you will see the quote:

"running Windows 2000 and Windows XP Service Pack 1"

It is clearly represented. You just do not like slashdot but are not brave
enough to admit it

Imhotep
>
>
>Roger
>>
>>
>>
>"imhotep" <imhotep@nospam.netwrote in message
>@adelphia.com
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer, actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative update
to
Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according to
Marc Maiffret, chief hacking officer for the security firm, which
notified Microsoft last week that the issue is exploitable."

No clue about what it is you attempt to discuss.

However, my comments were, at least where you appear to be taking
issue, centering on fact that it is only the rare exception when a Windows
security patch is issues for XP Sp1. Those stopped months ago.
An XP Sp1 system is today unpatch relative to a number of vulnerabilities
ipso facto.

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:
>
>Well, guess I better get with the program . . .
>
>was again updated later Aug 23 and now shows that for
>
>the issue some are reporting as (potentially) exploitable,
>IE 6 Sp1 without statement limiting to S is impacted.
>>
>
>
Is that an apology?

No.

An update.

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:
>
>news, and as mentioned in a number of prior threads, MS initially
>anticipated releasing updated patch on Aug 22 for W2k Sp4 running
>IE 6 Sp 1, which is the only currently supported S config impacted
>(i.e. update a vulnerable XP to SP2 to become immune to this).
>>
>Again, your provided quote does not make clear that only W2k Sp4
>is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
>that anyone running XP at Sp1 is missing a number of patches (not
>released for Sp1) making this issue relatively unimportant for them.
>
Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
Now, without debating if those users should/should not install SP2, the
fact of the matter here was that the patch made them vulnerable
>
>
>Aug 22 the bulletin and KB were updated to advise that issues had
>been found requiring further quality assurance time.
>
>
>>
>If you would provide links to the primary information sources rather
>than only quotes of third-party digests, people would have the full info,
>would not have been mislead in thinking this systemic to more S/IE
>combos, people would have had access to recommendations on what
>to do and that the patch update is "on the way", and I would not have
>needed to correct this.
>
BS!!! Re-read my post and you will see the quote:

"running Windows 2000 and Windows XP Service Pack 1"

It is clearly represented. You just do not like slashdot but are not brave
enough to admit it

Imhotep
>
>
>Roger
>>
>>
>>
>"imhotep" <imhotep@nospam.netwrote in message
>@adelphia.com
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer, actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative update
to
Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according to
Marc Maiffret, chief hacking officer for the security firm, which
notified Microsoft last week that the issue is exploitable."

No clue about what it is you attempt to discuss.

However, my comments were, at least where you appear to be taking
issue, centering on fact that it is only the rare exception when a Windows
security patch is issues for XP Sp1. Those stopped months ago.
An XP Sp1 system is today unpatch relative to a number of vulnerabilities
ipso facto.

Roger Abell [MVP] wrote:

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
>Roger Abell [MVP] wrote:
>>
Well, guess I better get with the program . . .

was again updated later Aug 23 and now shows that for

the issue some are reporting as (potentially) exploitable,
IE 6 Sp1 without statement limiting to S is impacted.

>>
>>
>Is that an apology?
>>
>
No.

An update.

Stubborn to the end
-- Imhotep

Roger Abell [MVP] wrote:

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
>Roger Abell [MVP] wrote:
>>
Well, guess I better get with the program . . .

was again updated later Aug 23 and now shows that for

the issue some are reporting as (potentially) exploitable,
IE 6 Sp1 without statement limiting to S is impacted.

>>
>>
>Is that an apology?
>>
>
No.

An update.

Stubborn to the end
-- Imhotep

Roger Abell [MVP] wrote:

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
>Roger Abell [MVP] wrote:
>>
news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported S config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.
>>
>Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
>Now, without debating if those users should/should not install SP2, the
>fact of the matter here was that the patch made them vulnerable
>>
>>
Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full
info, would not have been mislead in thinking this systemic to more
S/IE combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.
>>
>BS!!! Re-read my post and you will see the quote:
>>
>"running Windows 2000 and Windows XP Service Pack 1"
>>
>It is clearly represented. You just do not like slashdot but are not
>brave enough to admit it
>>
>Imhotep
>>
>>
Roger

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer, actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative
update to
Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according to
Marc Maiffret, chief hacking officer for the security firm, which
notified Microsoft last week that the issue is exploitable."

--
No clue about what it is you attempt to discuss.

Then I will restate:
A good programmer never guesses. Microsoft screwed up by not testing to see
if XP SP2 was installed *before* installing the patch and as such caused
people who did not SP2 installed to be vulnerable.

You just never will admit when Microsoft screws up

However, my comments were, at least where you appear to be taking
issue, centering on fact that it is only the rare exception when a Windows
security patch is issues for XP Sp1. Those stopped months ago.
An XP Sp1 system is today unpatch relative to a number of vulnerabilities
ipso facto.

Never the less, as a programmer you never guess. You always checknotice I
said good programmer

Roger Abell [MVP] wrote:

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
>Roger Abell [MVP] wrote:
>>
news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported S config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.
>>
>Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
>Now, without debating if those users should/should not install SP2, the
>fact of the matter here was that the patch made them vulnerable
>>
>>
Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full
info, would not have been mislead in thinking this systemic to more
S/IE combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.
>>
>BS!!! Re-read my post and you will see the quote:
>>
>"running Windows 2000 and Windows XP Service Pack 1"
>>
>It is clearly represented. You just do not like slashdot but are not
>brave enough to admit it
>>
>Imhotep
>>
>>
Roger

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer, actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative
update to
Internet Explorer 6 Service Pack 1, security firm eEye Digital Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according to
Marc Maiffret, chief hacking officer for the security firm, which
notified Microsoft last week that the issue is exploitable."

--
No clue about what it is you attempt to discuss.

Then I will restate:
A good programmer never guesses. Microsoft screwed up by not testing to see
if XP SP2 was installed *before* installing the patch and as such caused
people who did not SP2 installed to be vulnerable.

You just never will admit when Microsoft screws up

However, my comments were, at least where you appear to be taking
issue, centering on fact that it is only the rare exception when a Windows
security patch is issues for XP Sp1. Those stopped months ago.
An XP Sp1 system is today unpatch relative to a number of vulnerabilities
ipso facto.

Never the less, as a programmer you never guess. You always checknotice I
said good programmer

In article <@adelphia.com>,
imhotep <imhotep@nospam.netwrote:

>Then I will restate:
>A good programmer never guesses.

>Never the less, as a programmer you never guess. You always checknotice I
>said good programmer

It's clear that you don't work in the same field that I do. In
my field, you have to guess often, and you can end up spending large
amounts of time on figuring out how to make a "good" guess.

But then, in my field, you almost never get provably right answers:
at best you get answers with a confidence interval.

The people I work with produce programs that are right about 83% to 86%
of the time (sometimes 90+% right.) You might say that that sounds
terrible, but in fact we're top rated (usually the best in the world)
at what we do, and it isn't uncommon for our programs to be 15% to 20%
more accurate than would be the case for a very high rated expert
doing the same work. Better than the world's best -- and guessing
is an important part of our strategy.

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:
>
>>
>"imhotep" <imhotep@nospam.netwrote in message
>@adelphia.com
Roger Abell [MVP] wrote:

Well, guess I better get with the program . . .

was again updated later Aug 23 and now shows that for

the issue some are reporting as (potentially) exploitable,
IE 6 Sp1 without statement limiting to S is impacted.

Is that an apology?

>>
>No.
>>
>An update.
>
>
Stubborn to the end

and your proud of it?
-- Imhotep

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:
>
>>
>"imhotep" <imhotep@nospam.netwrote in message
>@adelphia.com
Roger Abell [MVP] wrote:

news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported S config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.

Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
Now, without debating if those users should/should not install SP2, the
fact of the matter here was that the patch made them vulnerable

Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full
info, would not have been mislead in thinking this systemic to more
S/IE combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.

BS!!! Re-read my post and you will see the quote:

"running Windows 2000 and Windows XP Service Pack 1"

It is clearly represented. You just do not like slashdot but are not
brave enough to admit it

Imhotep

Roger

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer,
actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative
update to
Internet Explorer 6 Service Pack 1, security firm eEye Digital
Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according
to
Marc Maiffret, chief hacking officer for the security firm, which
notified Microsoft last week that the issue is exploitable."


>>
>>
>No clue about what it is you attempt to discuss.
>
Then I will restate:
A good programmer never guesses. Microsoft screwed up by not testing to
see
if XP SP2 was installed *before* installing the patch and as such caused
people who did not SP2 installed to be vulnerable.

You just never will admit when Microsoft screws up
>
>However, my comments were, at least where you appear to be taking
>issue, centering on fact that it is only the rare exception when a
>Windows
>security patch is issues for XP Sp1. Those stopped months ago.
>An XP Sp1 system is today unpatch relative to a number of vulnerabilities
>ipso facto.
>
Never the less, as a programmer you never guess. You always checknotice
I
said good programmer

If that was true, we would never ever need patches because all
venerability's would be spotted in testing

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:
>
>>
>"imhotep" <imhotep@nospam.netwrote in message
>@adelphia.com
Roger Abell [MVP] wrote:

Well, guess I better get with the program . . .

was again updated later Aug 23 and now shows that for

the issue some are reporting as (potentially) exploitable,
IE 6 Sp1 without statement limiting to S is impacted.

Is that an apology?

>>
>No.
>>
>An update.
>
>
Stubborn to the end

and your proud of it?
-- Imhotep

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:
>
>>
>"imhotep" <imhotep@nospam.netwrote in message
>@adelphia.com
Roger Abell [MVP] wrote:

news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported S config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.

Nope. Windows 2000 AND XP SP1. Not all people out there are running SP2.
Now, without debating if those users should/should not install SP2, the
fact of the matter here was that the patch made them vulnerable

Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full
info, would not have been mislead in thinking this systemic to more
S/IE combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.

BS!!! Re-read my post and you will see the quote:

"running Windows 2000 and Windows XP Service Pack 1"

It is clearly represented. You just do not like slashdot but are not
brave enough to admit it

Imhotep

Roger

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer,
actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative
update to
Internet Explorer 6 Service Pack 1, security firm eEye Digital
Security
told SecurityFocus on Tuesday. The update, released on August 8, fixed
eight security holes but also introduced a bug of its own, according
to
Marc Maiffret, chief hacking officer for the security firm, which
notified Microsoft last week that the issue is exploitable."


>>
>>
>No clue about what it is you attempt to discuss.
>
Then I will restate:
A good programmer never guesses. Microsoft screwed up by not testing to
see
if XP SP2 was installed *before* installing the patch and as such caused
people who did not SP2 installed to be vulnerable.

You just never will admit when Microsoft screws up
>
>However, my comments were, at least where you appear to be taking
>issue, centering on fact that it is only the rare exception when a
>Windows
>security patch is issues for XP Sp1. Those stopped months ago.
>An XP Sp1 system is today unpatch relative to a number of vulnerabilities
>ipso facto.
>
Never the less, as a programmer you never guess. You always checknotice
I
said good programmer

If that was true, we would never ever need patches because all
venerability's would be spotted in testing

Roger Abell [MVP] wrote:

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
>Roger Abell [MVP] wrote:
>>

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:

news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported S config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.

Nope. Windows 2000 AND XP SP1. Not all people out there are running
SP2. Now, without debating if those users should/should not install
SP2, the fact of the matter here was that the patch made them
vulnerable

Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full
info, would not have been mislead in thinking this systemic to more
S/IE combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.

BS!!! Re-read my post and you will see the quote:

"running Windows 2000 and Windows XP Service Pack 1"

It is clearly represented. You just do not like slashdot but are not
brave enough to admit it

Imhotep

Roger

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer,
actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative
update to
Internet Explorer 6 Service Pack 1, security firm eEye Digital
Security
told SecurityFocus on Tuesday. The update, released on August 8,
fixed eight security holes but also introduced a bug of its own,
according to
Marc Maiffret, chief hacking officer for the security firm, which
notified Microsoft last week that the issue is exploitable."

No clue about what it is you attempt to discuss.
>>
>Then I will restate:
>A good programmer never guesses. Microsoft screwed up by not testing to
>see
>if XP SP2 was installed *before* installing the patch and as such caused
>people who did not SP2 installed to be vulnerable.
>>
>You just never will admit when Microsoft screws up
>>
However, my comments were, at least where you appear to be taking
issue, centering on fact that it is only the rare exception when a
Windows
security patch is issues for XP Sp1. Those stopped months ago.
An XP Sp1 system is today unpatch relative to a number of
vulnerabilities ipso facto.
>>
>Never the less, as a programmer you never guess. You always
>checknotice I
>said good programmer
>>
>>
>
You know, it is humorous, almost cute, the extent you will go to
in order to be able to say "MS, you screwed up" while yet claiming
it is in the service of informing.

The only thing more humorous is the length you will go to in defense of
Microsoft. Even when, it is illogical and down right BS at times. I can
honestly say that I will criticize Apple or Linux when they screw up. Why
should I be lighter on Microsoft?

You on, the other hand, try to shamefully redirect the topic by labling me
and others as "Microsoft haters". What are you so afraid of? Bad press for
Microsoft? They are "big boys" and can defend themselves

Next time stick on the topiceveryone knows your game anyway.

Imhotep

Slim wrote:

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
>Roger Abell [MVP] wrote:
>>

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:

news, and as mentioned in a number of prior threads, MS initially
anticipated releasing updated patch on Aug 22 for W2k Sp4 running
IE 6 Sp 1, which is the only currently supported S config impacted
(i.e. update a vulnerable XP to SP2 to become immune to this).

Again, your provided quote does not make clear that only W2k Sp4
is affected, and only if it has IE at IE 6 Sp1, nor does it make clear
that anyone running XP at Sp1 is missing a number of patches (not
released for Sp1) making this issue relatively unimportant for them.

Nope. Windows 2000 AND XP SP1. Not all people out there are running
SP2. Now, without debating if those users should/should not install
SP2, the fact of the matter here was that the patch made them
vulnerable

Aug 22 the bulletin and KB were updated to advise that issues had
been found requiring further quality assurance time.

If you would provide links to the primary information sources rather
than only quotes of third-party digests, people would have the full
info, would not have been mislead in thinking this systemic to more
S/IE combos, people would have had access to recommendations on what
to do and that the patch update is "on the way", and I would not have
needed to correct this.

BS!!! Re-read my post and you will see the quote:

"running Windows 2000 and Windows XP Service Pack 1"

It is clearly represented. You just do not like slashdot but are not
brave enough to admit it

Imhotep

Roger

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Microsoft patch opens users to attack

"The flaw, initially thought to only crash Internet Explorer,
actually
allows an attacker to run code on computers running Windows 2000 and
Windows XP Service Pack 1 that have applied the August cumulative
update to
Internet Explorer 6 Service Pack 1, security firm eEye Digital
Security
told SecurityFocus on Tuesday. The update, released on August 8,
fixed eight security holes but also introduced a bug of its own,
according to
Marc Maiffret, chief hacking officer for the security firm, which
notified Microsoft last week that the issue is exploitable."

No clue about what it is you attempt to discuss.
>>
>Then I will restate:
>A good programmer never guesses. Microsoft screwed up by not testing to
>see
>if XP SP2 was installed *before* installing the patch and as such caused
>people who did not SP2 installed to be vulnerable.
>>
>You just never will admit when Microsoft screws up
>>
However, my comments were, at least where you appear to be taking
issue, centering on fact that it is only the rare exception when a
Windows
security patch is issues for XP Sp1. Those stopped months ago.
An XP Sp1 system is today unpatch relative to a number of
vulnerabilities ipso facto.
>>
>Never the less, as a programmer you never guess. You always
>checknotice I
>said good programmer
>>
>
If that was true, we would never ever need patches because all
venerability's would be spotted in testing

Yes vulnerabilities should be found during testing. However, in the real
World some get by. Really my reply was about testing the *installation*
before installing the patch. What do I mean by this? It is simple. As a
programmer installing a piece of software, the *first* thing you do is make
sure all the componets you need are allready in place. For example, does
the system have the required libraries? Is there enough disk space, etc,
etc. If the check is good *then* you install.

If the patch that Microsoft wrote required SP2 then they should have done
this instead of just guessing and blindly installing it thus making people
vulnerable, yet again.

Certian people like Roger Abell, will try to ignore this with deception and
redirection. Don't fall for it. Anytime you *make* people vulnerable
because you did not take the time to do things right, you screwed up. And
because of this people will get hacked.

Again, my point is do it right the first time.
-- Imhotep

>
>
>>
>

Slim wrote:

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
>Roger Abell [MVP] wrote:
>>

"imhotep" <imhotep@nospam.netwrote in message
@adelphia.com
Roger Abell [MVP] wrote:

Well, guess I better get with the program . . .

was again updated later Aug 23 and now shows that for

the issue some are reporting as (potentially) exploitable,
IE 6 Sp1 without statement limiting to S is impacted.

Is that an apology?

No.

An update.
>>
>>
>Stubborn to the end
>>
>
>
and your proud of it?
>
>-- Imhotep

Read the string of posts. I *was* saything that to Roger Abell:

(You are) stubborn to the end
-- Imhotep