lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: exibar at thelair.com (Exibar) Subject: [spam] Re: MS03-040 October cumulative patch for IE Hi Nick and all! I think that this patch fixes the QHOSTS1 hole and perhaps the hole that caused the Half Life 2 source code to be compromised with. Valve software is no doubt a big hitter for Microsoft so I'm sure they complained and MS listened by releasing this patch. Which in my opinion is a fix for MS03-032.... Exibar -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Nick FitzGerald Sent: Saturday, October 04, 2003 1:51 AM To: full-disclosure@...ts.netsys.com Subject: [spam] Re: [Full-Disclosure] MS03-040 October cumulative patch for IE "Jerry Heidtke" <jheidtke@...h.edu> wrote: > Just when we got used to Wednesday afternoon security bulletins from > Microsoft, they decide to release one on Friday evening. > > http://www.microsoft.com/technet/security/bulletin/ms03-040.asp > > It allegedly fixes the object tag/hta types of vulnerabilities. Yep -- this deviation from "patches are releasesed on Wednesday" practice presumably suggests how darn critical MS rates this bug. You have to wonder though when they'll work out there are thirty- something others that in various combinations are just as bad... http://www.pivx.com/larholm/unpatched/ Perhaps it will take more worms and clearly malicious use such as we have seen with the Object Data Type flaw, including the associated media coverage, to get them all fixed too?? -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists