From: "Geo." 

"Adam Flinton"  wrote in
message news:109399.6238cd{at}harborwebs.com...

> The problem I have is that "Windows" is a marketing name applied to
everything
> from Windows 1.0 through to WinXP & Win2KS3. It's simply not a single OS
but a
> whole raft of em from a DOS Shellto NT to WinCE. It's like saying that
because
> IBM supports Linux hence they could market AIX,OS400,OS390 & PCDOS as
"linux".
> Linux is an operating system where Windows is a maleable marketing term.

Directory services is part of W2Kserver and not part of W2Kpro, both
versions of W2K are simply different distributions of the exact same
kernel. Only the server distribution would be exploitable by a DS exploit.

Is it a windows exploit or not?

> i.e in the case of MS it's all "Windows" (for marketing
terms). However if
> there is a hole that affects all reasonably modern versions (i.e. thouse
still
> likely to be in use) then it's a Windows hole. If it affects all the NT
> versions then it's a Windows NT hole. If it only affects XP then it's an
XP
> hole.

So you seem to be saying a DS exploit would be a W2Kserver and 2003server
exploit but not a "windows" exploit. Go tell them that on /.

> Take your example & see it from another direction. If It only affect
Win2KS & I
> have XP then I could argue that since I am running Windows & I don't have
that
> vuln then there is no "windows" vuln coz I have
"Windows" & yet I don't
have a
> vuln.

Yes you could argue that, likewise if you and I are running RH with
different kernel versions and there is an exploit that affects your version
but not mine then I could claim it's not a RH exploit. I'd be wrong but I
see the logic you are trying to use.

> Do I need to patch my Windows system if I'm running XP & it's a DS vuln?

Nope, you don't have to patch an IIS exploit if you aren't running IIS
either, and if you don't have SQLserver you don't have to patch that, and
if you don't have DCOM you don't have to patch that, and if you don't have
IE (it was optional on NT4) you don't have to patch that, and if you don't
have OE or NetBIOS or NTFS then you don't have to patch any of those
either. SO I GUESS THERE ARE VIRTUALLY NO WINDOWS EXPLOITS with the
possible exception of RPCSS...

That's the logic you are using with this "just linux" line of
reasoning. That's why I think it's silly to even try to define
"OS", it's much more relevant to discuss product flaws as flaws
in anything that's contained in the product. That means if we are talking
RH exploits that includes exploits for everything in the RH package be it a
word processor or a tcp stack, if it's part of "RH the product"
then it counts.

Geo.

--- BBBS/NT v4.01 Flag-5