lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 8 Jul 2003 13:46:52 -0000
From: <m_a_s2mp@...oo.com>
To: bugtraq@...urityfocus.com
Subject: What Win2k SP4 doesn't fix (security), but says it does...




In my testing these security bulleints aren't fixed in Win2k SP4, 
but are documented that they are at this link:
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/news/w2kSP4.asp

1. MS02-053. It fixes the FPSE 2000 vulnerability, but 
not FPSE 2002.

2. MS03-019. It updates the vulnerable files in only 1 
location, not both locations where niislog.dll is stored 
(\inetpub\scripts and \winnt\system32\windows 
media\server).

3. MS02-032. It fixes WMP 6.4, but only updates 2 of the 
5 vulnerable files in WMP 7.1.

4. MS03-014. It fixes the vulnerability for OE 5.5, but not 
OE 6.0 SP1.

One that did get fixed, but is not documented in the 
link, is MS01-022 (as of this post).

Anyone else find these in their testing?


Powered by blists - more mailing lists