Hi Susan, > Read the bulletin. There's no patch. It is deemed by Microsoft to be of > low impact and thus no patch has been built. I don't know how I missed that XP/SP2 and above were not being patched. It appears that my two references are worhtless... I used to use them in position papers! * http://support.microsoft.com/gp/lifepolicy * http://support.microsoft.com/gp/lifeselect Jeff On Tue, Sep 15, 2009 at 5:24 PM, Susan Bradley <sbradcpa@xxxxxxxxxxx> wrote: > Read the bulletin. There's no patch. It is deemed by Microsoft to be of > low impact and thus no patch has been built. > > Jeffrey Walton wrote: >> >> Hi Aras, >> >> >>> >>> Given that M$ has officially shot-down all current Windows XP users by >>> not >>> issuing a patch for a DoS level issue, >>> >> >> Can you cite a reference? >> >> Unless Microsoft has changed their end of life policy [1], XP should >> be patched for security vulnerabilities until about 2014. Both XP Home >> and XP Pro's mainstream support ended in 4/2009, but extended support >> ends in 4/2014 [2]. Given that we know the end of extended support, >> take a look at bullet 17 of [1]: >> >> 17. What is the Security Update policy? >> >> Security updates will be available through the end of the Extended >> Support phase (five years of Mainstream Support plus five years of >> the Extended Support) at no additional cost for most products. >> Security updates will be posted on the Microsoft Update Web site >> during both the Mainstream and the Extended Support phase. >> >> >>> >>> I realize some of you might be tempted to relay the M$ BS about "not >>> being >>> feasible because it's a lot of work" rhetoric... >>> >> >> Not at all. >> >> Jeff >> >> [1] http://support.microsoft.com/gp/lifepolicy >> [2] http://support.microsoft.com/gp/lifeselect >> >> On Tue, Sep 15, 2009 at 2:46 PM, Aras "Russ" Memisyazici >> <nowhere@xxxxxxxxxxx> wrote: >> >>> >>> Hello All: >>> >>> Given that M$ has officially shot-down all current Windows XP users by >>> not >>> issuing a patch for a DoS level issue, I'm now curious to find out >>> whether >>> or not any brave souls out there are already working or willing to work >>> on >>> an open-source patch to remediate the issue within XP. >>> >>> I realize some of you might be tempted to relay the M$ BS about "not >>> being >>> feasible because it's a lot of work" rhetoric... I would just like to >>> hear >>> the thoughts of the true experts subscribed to these lists :) >>> >>> No harm in that is there? >>> >>> Aras "Russ" Memisyazici >>> Systems Administrator >>> Virginia Tech >>> >>> >>> >> >> > >
