lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: des_ward at o2.co.uk (Des Ward)
Subject: Official IFRAME patch - make sure it installs correctly

That would make sense, seeing as M$ stated on the deployment of Sp1 that patches would start to be released only for that patch or greater.
-----Original Message-----
From: "Todd Towles" <toddtowles@...okshires.com>
Date: Thu, 2 Dec 2004 08:07:10 
To:"BillyBob" <billybobknob@...mail.com>,       "Berend-Jan Wever" <skylined@...p.tudelft.nl>,       <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>
Subject: RE: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly

As stated in the FAQ of the patch page. It would appear the new baseline
for all future patches will be SP1 unless they decided to change it.

------------------------------------
 I am still using Windows XP, but extended security update support ended
on September 30th, 2004. What should I do?

The original version of Windows XP, commonly referred to as Windows XP
Gold or Windows XP Release to Manufacturing (RTM) version, reached the
end of its extended security update support life cycle on September
30th, 2004. 

It should be a priority for customers who have these operating system
versions to migrate to supported versions to prevent potential exposure
to future vulnerabilities. For more information about the Windows
Product Life Cycle, visit the Microsoft Support Lifecycle Web site. For
more information about the extended security update support period for
these operating system versions, visit the Microsoft Product Support
Services Web site.

Customers who require additional support for Windows XP RTM must contact
their Microsoft account team representative, their Technical Account
Manager, or the appropriate Microsoft partner representative for custom
support options. Customers without an Alliance, Premier, or Authorized
Contract can contact their local Microsoft sales office. For contact
information, visit the Microsoft Worldwide Information Web site, select
the country, and then click Go to see a list of phone numbers. When you
call, ask to speak with the local Premier Support sales manager.

For more information, see the Windows Operating System FAQ.
------------------------------------



> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of BillyBob
> Sent: Thursday, December 02, 2004 7:07 AM
> To: Berend-Jan Wever; full-disclosure@...ts.netsys.com; 
> bugtraq@...urityfocus.com
> Subject: Re: [Full-Disclosure] Official IFRAME patch - make 
> sure it installs correctly
> 
> Does anyone know why Microsoft does not have this patch 
> available for XP (no
> SP) running IE6 ?
> I know this system is vulnerable to the IFRAME exploit as I tested it.
> 
> Bill
> 
> ----- Original Message -----
> From: "Berend-Jan Wever" <skylined@...p.tudelft.nl>
> To: <full-disclosure@...ts.netsys.com>; <bugtraq@...urityfocus.com>
> Sent: Wednesday, December 01, 2004 8:49 PM
> Subject: [Full-Disclosure] Official IFRAME patch - make sure 
> it installs correctly
> 
> 
> > The IFRAME vulnerability has been patched, see
> http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
> >
> > *** Make sure you are patched after installing *** I installed it 
> > using "Automatic Updates" (on Win2ksp4), rebooted and
> loaded my InternetExploiter.html: IT STILL WORKED!!
> > Even though both "Automatic Updates" and
> "http://windowsupdate.microsoft.com" reported that I was patched!?!
> > I manually downloaded the exe and ran it, rebooted and now 
> I'm finally
> truely patched.
> >
> > It might just have been a glitch on my system, but you might wanna 
> > check
> anyway: InternetExploiter.html can still be downloaded from 
> my website.
> >
> > Berend-Jan Wever
> > <skylined@...p.tudelft.nl>
> > http://www.edup.tudelft.nl/~bjwever
> > SkyLined in #SkyLined on EFNET
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Kind regards,

Des Ward


Powered by blists - more mailing lists