Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Microsoft Volume Licensing infringement?

from [Robert Kim Wireless Internet Advisor] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Microsoft Volume Licensing infringement?
Date: Mon, 30 Jan 2006 17:48:14 -0800 
Steve, good point. thx

On 1/30/06, Steve Friedl <steve@unixwiz.net> wrote:

On Mon, Jan 30, 2006 at 06:15:23PM -0600, Randall M wrote:

Anyone on here get an email from MS volume licensing services stating that
all XP office and 2003 professional needs updated to remove the 3rd party
Patent infringement?


Yes, its seems to be the real deal. I can't find the announcement on
Microsoft's site, but this one is representative of the ones I've seen.

       http://www.msd.uga.edu/announcement.php?news_item_id=1050

       Microsoft Office: Action Required

       (01-27-06) - Background and Summary

       A recent decision from a court case has determined that
       certain portions of code found in Microsoft Office Professional
       Edition 2003, Microsoft Office Access 2003, Microsoft Office
       XP Professional and Microsoft Office Access 2002 infringe a
       third-party patent.  As a result, Microsoft must make available
       a revised version of these products with the allegedly infringing[*]
       code replaced.


       ...

It references a KB article on the Microsoft site which talks about Office
SP2 removing certain features:

       http://support.microsoft.com/default.aspx/kb/904953/

       ...
       Because of legal issues, Microsoft has disabled the functionality in
       Access 2003 and in Access 2002 that let users change the data in linked
       tables that point to a range in an Excel workbook. However, when you
       make changes directly in the Excel workbook, the changes appear in
       the linked table in Access.


Volume licensees are *required* to install Office SP2 with new deployments,
but are only *requested* to do so for existing deployments. I'm not sure
that they can require anybody else to do this, though bundling the "fix"
in with other stuff which was released months ago means that lots of people
probably have it by now.

I think this undermines a lot of the perceived benefits of Microsoft's
indemnification, which is one of their features over open source. It
doesn't mean they'll go to the mat for the users, it just means that
they'll quietly disable functionality and tell us about it we've installed
the service pack containing the disablement.

Anybody can do *that*.

Steve

[*] Seen elsewhere: "allegedly infringing"? If a court ruled, it's not 
"alleged"
   any more.

---
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve@unixwiz.net

--
Robert Q Kim, Wireless Internet Advisor
http://evdo-coverage.com/cellular-repeater.html
http://hsdpa-coverage.com

2611 S. Pacific Coast Highway 101
Suite 102
Cardiff by the Sea, CA 92007
206 984 0880
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Microsoft Volume Licensing infringement?, Steve Friedl
Next by Date:  Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability, George A. Theall
Previous by Thread:  Re: [Full-disclosure] Microsoft Volume Licensing infringement?, Steve Friedl
Next by Thread:  [Full-disclosure] Proof of concept for CommuniGate Pro Server vulnerability, Evgeny Legerov
Indexes:  [Date] [Thread] [Top] [All Lists]