Re: This vulnerability does not affect Windows Vista
Donna Buenaventura (MVP) wrote:
> Microsoft Security Advisory (943521)
> URL Handling Vulnerability in Windows XP and Windows Server 2003
> with Windows Internet Explorer 7 Could Allow Remote Code Execution
> Published: October 10, 2007
>
> Microsoft is investigating public reports of a remote code execution
> vulnerability in supported editions of Windows XP and Windows
> Server 2003 with Windows Internet Explorer 7 installed. We are not
> aware of attacks that try to use the reported vulnerability or of
> customer impact at this time. Microsoft is investigating the public
> reports.
>
> This vulnerability does not affect Windows Vista or any supported
> editions of Windows where Internet Explorer 7 is not installed.
>
> More info at
> http://www.microsoft.com/technet/security/advisory/943521.mspx
mikk wrote:
> Why you're posting this useless message here?
> This vulnerability does not affect Windows Vista.
Milo (MSPSS) wrote:
> 943521 is a security advisory, and such this is a security homeuser
> section which covers every Windows Operating System from windows
> 3.+ to Windows 2008 rc if a home user is using it and I`ve known
> few.
>
> It`s just a general advisory for eveyone - as per specific XP Sp2
> users .
mikk wrote:
> YOU WRONG!
> This vulnerability does not affect Windows Vista.
> Most of MVP are very ignorant!
mikk,
If you feel that the original posting should not have been in a specific
group (one of the many it was cross-posted to) it would be particularly
helpful if you had done one of two possible things:
1) Listed the group to which the message likely should not have been
crossposted into in the body of your message (with the reasoning behind the
lack of need to post it there.)
2) Only responded within the group where the message likely should not have
been crossposted into - that way if you did not use the first method to
clarify your meaning - it would have been obvious which group you were
referring to, and anyone arguing with you in the single-group posted part of
this conversation would have had to re-crosspost the thread you started or
argue about it in the single group you felt wronged in.
For example, if you had posted (crossposted or not) the following, it would
be difficult to argue with:
The original message was posted to:
- microsoft.public.internetexplorer.security
- microsoft.public.officeupdate
- microsoft.public.security.virus
- microsoft.public.windowsupdate
- microsoft.public.security.homeusers
- microsoft.public.windows.vista.security
It was about:
Microsoft Security Advisory: Vulnerability in Windows XP
and Windows Server 2003 URL handling could allow remote
code execution
http://support.microsoft.com/kb/943521
Which, if you follow up and go to the further information on it found here:
http://www.microsoft.com/technet/security/advisory/943521.mspx
(Which was posted in the original posting as well...)
You will see clearly this part of the notification:
"This vulnerability does not affect Windows Vista or any supported editions
of Windows where Internet Explorer 7 is not installed."
Given that - one could argue (quite effectively) that it was not necessary
to post the notification given in the original post to the following groups
from the original list of those crossposted to:
- microsoft.public.officeupdate
- microsoft.public.windows.vista.security
However - as it *may* be important to the people in said newsgroups as well
as those in the obviously relevant newsgroups, it didn't hurt to put them
there too. Chances are those running Vista likely have a Windows XP or
Windows 2003 machine (with Internet Explorer 7 installed) or know someone
who does and those who use Microsoft Office likely have some Microsoft
operating system, one of which may be WIndows 2003 or Windows XP (with
Internet Explorer 7 installed.)
One further note/question for mikk...
I notice that in your replies, you crossposted to all the original locations
excluding:
- microsoft.public.internetexplorer.security
Is there a particular reason for this, or was it perhaps an oversight on
your part?
(Yes - I added it back to this crossposted reply.)
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html