<div>I'm not sure I see why we need a 3rd-party patch so urgently. The mitigation described by MS works and is fairly painless, so presumably you'd start with that if you are running DNS, and then wait for the patch from MS?
</div>
<div> </div>
<div>I agree that it was only a matter of time before hackers identified the flaw - either using the info on the ISC diary page or from MS's advisory. Perhaps saying that it was a stack BO made it a *little* easier to find, but that would be the obvious thing to start looking for in the first place.
</div>
<div> </div>
<div>Tucker.</div><br><br>
<div><span class="gmail_quote">On 4/16/07, <b class="gmail_sendername">Dave Aitel</b> <<a href="mailto:dave@immunityinc.com">dave@immunityinc.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>I'm off to class - today is niprint day! But I did have a comment on
<br>Ryan Naraine's latest article[1], which is this: Hackers don't need<br>hints from Microsoft's advisories.<br><br>Anyways, all those people with spare time need to step up with their<br>third party patches! Time is of the essence people! Eventually these
<br>patches will be put out by the hacker groups themselves, to keep the<br>milw0rm crowd from re-owning their boxes.<br><br>- -dave<br>[1] <a href="http://blogs.zdnet.com/security/?p=167">http://blogs.zdnet.com/security/?p=167
</a><br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.6 (GNU/Linux)<br><br>iD8DBQFGJGPetehAhL0gheoRAt73AJ9SKXbtxwBRPtpXMUu+u9KxqrgIwACeNwyd<br>c9s7HYOfdDXQjHgprm5dFPw=<br>=SwE/<br>-----END PGP SIGNATURE-----<br><br>
_______________________________________________<br>Dailydave mailing list<br><a href="mailto:Dailydave@lists.immunitysec.com">Dailydave@lists.immunitysec.com</a><br><a href="http://lists.immunitysec.com/mailman/listinfo/dailydave">
http://lists.immunitysec.com/mailman/listinfo/dailydave</a><br></blockquote></div><br>