| -----Original Message----- | From: Richard M. Smith [mailto:rms@computerbytesman.com] | Sent: Wednesday, December 26, 2001 10:04 AM | To: bugtraq@securityfocus.com | Subject: Too much misleading advice on the Universal Plug-and-Play | security hole | | | Hi, | | The more I look at the security problems in the Universal Plug-and-Play | (UPNP) feature of Windows, the more I think it is a big mistake to | characterized them as Windows XP problems. It is entirely possible that | there are more Windows ME (Millennium Edition) users who are vulnerable | to the security hole than XP users. The risk here is that Windows ME | users won't get the Microsoft patch because they assume the problems are | only for XP given most of the press coverage so far. <snip> | | Richard M. Smith | http://www.computerbytesman.com Good to try to clear things up like that however you just confused people even more again. Windows 98 is also affected yet you fail to mention it. Once again for those of us that missed it in Microsoft's bulletin the first time: Affected Software: Microsoft Windows 98 Microsoft Windows 98SE Microsoft Windows ME Microsoft Windows XP That means, and as I've said to one to many reporters, if you or someone you know is running Windows 98/ME/XP then you/they need to install the patch. Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
