lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 8 Jul 2003 13:46:52 -0000 From: <m_a_s2mp@...oo.com> To: bugtraq@...urityfocus.com Subject: What Win2k SP4 doesn't fix (security), but says it does... In my testing these security bulleints aren't fixed in Win2k SP4, but are documented that they are at this link: http://www.microsoft.com/technet/treeview/default.asp? url=/technet/security/news/w2kSP4.asp 1. MS02-053. It fixes the FPSE 2000 vulnerability, but not FPSE 2002. 2. MS03-019. It updates the vulnerable files in only 1 location, not both locations where niislog.dll is stored (\inetpub\scripts and \winnt\system32\windows media\server). 3. MS02-032. It fixes WMP 6.4, but only updates 2 of the 5 vulnerable files in WMP 7.1. 4. MS03-014. It fixes the vulnerability for OE 5.5, but not OE 6.0 SP1. One that did get fixed, but is not documented in the link, is MS01-022 (as of this post). Anyone else find these in their testing?
Powered by blists - more mailing lists