From: Mike '/m' 


I would expect Microsoft to stop making excuses about the problems in their
development process.  They've been writing software for how many years now?
 And they still have very severe typos in their code of a product that
underwent an extensive security audit.  A product that was delayed to
assure the high level of its security upon release.

Amateurs, simply amateurs.  The best and brightest amateurs around.

 /m

On 17 Jul 2003 21:19:50 GMT, Ellen K  wrote:

>I would have expected this to be tested, the test to fail, and the typo to be
>found at that time.
>
>> From: "Rich" 
>> This is a multi-part message in MIME format.
>> ------=_NextPart_000_00F6_01C34BD4.67E9EE80
>> Content-Type: text/plain;
>> charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>> No.  Windows Server 2003 did.  This bug was a simple typo.  I have no =
>> idea why the title claims it was an unchecked buffer.  It was a checked =
>> buffer but the typo was in the check.
>> Rich
>> "Geo."  wrote in message
news:3f15e283{at}w3.nls.net...
>> didn't xp go thru "a security process like no other"...
>> Geo.
>> "Geo."  wrote in message =
>> news:3f158db5$1{at}w3.nls.net...
>>> http://www.microsoft.com/technet/security/bulletin/MS03-027.asp
>>>
>>> Unchecked Buffer in Windows Shell Could Enable System Compromise =
>> (821557)
>>> Originally posted: July 16, 2003
>>> Summary
>>> Who should read this bulletin: Customers using Microsoft=AE =
>> Windows=AE XP
>>> Impact of vulnerability: Run code of an attacker's choice
>>> Maximum Severity Rating: Important
>>> Recommendation: Customers should install the patch at the earliest
>>> opportunity.
>>> End User Bulletin: An end-user version of this bulletin is available =
>> at:
>>> http://www.microsoft.com/security/security_bulletins/ms03-027.asp
>>> Affected Software: Affected Software:
>>> - Microsoft Windows XP
>>> Not affected Software:
>>> - Microsoft Windows Millennium Edition
>>> - Microsoft Windows NT=AE Server 4.0
>>> - Microsoft Windows NT=AE 4.0, Terminal Server Edition
>>> - Microsoft Windows 2000
>>> - Microsoft Windows Server 2003
>> ------=_NextPart_000_00F6_01C34BD4.67E9EE80
>> Content-Type: text/html;
>> charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>> 
>> 
>> > charset=3Diso-8859-1">
>> 
>> 
>> 
>> 
>>   
No.  Windows Server =
>> 2003=20
>> did.  This bug was a simple typo.  I have no
idea why the =
>> title claims=20
>> it was an unchecked buffer.  It was a checked buffer but the typo =
>> was in=20
>> the check.
>>  
>> Rich
>>  
>> > style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
>> BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
>> "Geo." <>
href=3D"georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net>
wrote=20
>> in message > =
>>
href=3D"news:3f15e283{at}w3.nls.net">news:3f15e283{at}w3.nls.net...
>> didn't xp go thru "a security process like no=20
>>
other"...Geo."Geo."
<>
href=3D"georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net>
wrote in =
>> message > =
>>
href=3D"news:3f158db5$1{at}w3.nls.net">news:3f158db5$1{at}w3.nls.net...=
>> > > =
>>
href=3D"
>>
&g" target="new">http://www.microsoft.com/technet/security/bulletin/MS03-027.asp&g=
>> t;>=20
>> Unchecked Buffer in Windows Shell Could Enable System Compromise=20
>> (821557)> Originally posted: July 16,
2003> =
>> Summary> Who=20
>> should read this bulletin: Customers using Microsoft=AE Windows=AE =
>> XP>=20
>> Impact of vulnerability: Run code of an attacker's
choice> =
>> Maximum=20
>> Severity Rating: Important> Recommendation:
Customers should =
>> install=20
>> the patch at the earliest>
opportunity.> End User =
>> Bulletin: An=20
>> end-user version of this bulletin is available
at:> > =
>>
href=3D"http://www.microsoft.com/security/security_bulletins/ms03-027.asp=
>>
">http://www.microsoft.com/security/security_bulletins/ms03-027.asp=
>>> >=20
>> Affected Software: Affected Software:> -
Microsoft Windows =
>> XP
>> > Not affected Software:> -
Microsoft Windows =
>> Millennium=20
>> Edition> - Microsoft Windows NT=AE Server
4.0> - =
>> Microsoft Windows=20
>> NT=AE 4.0, Terminal Server Edition> - Microsoft Windows =
>> 2000> -=20
>> Microsoft Windows Server
2003

--- BBBS/NT v4.01 Flag-4