Microsoft letting Win2k and XP users fend for themselves?

Read through the MS09-048 advisory. See anything out of the ordinary? Read through it again. Notice the asterisks? Looking for a patch for Windows 2000 SP4? Sorry, "No update available". Need a patch for Windows XP SP2, SP3 or Windows XP x64 SP2? You don't need one because it's not vulnerable. Or is it? There's an asterisk - "Default configuration not affected".

In Microsoft's defense, patching Win2k would require the OS to be rearchitected which may introduce stability issues with existing software. But still - if you ask me, the product is under support and now has three unpatched remote exploits. Hopefully on tomorrow's call they can clarify the issue. Maybe it's not as bad as it seems, but as it stands it sounds like Win2k can be DoSed remotely if even a single TCP port is listening - firewalled or not.

They have no defense for Windows XP. Most XP systems I've seen have listening ports. Maybe in the office you are firewalled, but what about road warriors using a hotspot? Can a malicious person head to his/her local Panera and plant a back door on all the Windows machines?

The most important aspect of this post is "what can I do to protect myself?" Well:

• If your platform has a patch, apply it.
• If you can afford it, upgrade machines to a platform that is supported.
• If you have an unsupported platform, use a host firewall to block inbound connecti0ns.
• If you have road warriors, make it a priority to educate them on this issue, how to utilize the firewall when on a public/untrusted network and how to conduct business while out of the office.
  

Hopefully tommorrow Microsoft will offer more details on this and it won't be as bad as it seems. I can think of a few ways of protecting devices but again, the dust needs to settle first. In the meantime, firewall off as many devices as you can and use host firewalls to your advantage.