| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Apr 14 03:58:29 2005 From: steve at unixwiz.net (Steve Friedl) Subject: Microsoft April Security Bulletin Webcast BS On Wed, Apr 13, 2005 at 02:24:17PM -0400, Micheal Espinola Jr wrote: > Wow... so, I'm listening to the webcast while doing my work today. I just > heard him (the male presenter) say (three times now) that because some of > the vulnerabilities have *not been publicly disclosed* that they are *not > publicly exploitable*. > *OMFG* No, that's not what he said. After a couple of hours of dicking around with the lousy MS Events website, I finally got to listen to the webcast to hear it for myself. What he said was that they *have not been* publicly exploited, which is to say: there aren't any known public exploits in the wild. Christopher's words match the titling on the slides: Publicly Disclosed: No Publicly Exploited: No I suppose there's an implied "yet" after all of these. Those who care to verify this more carefully than the original poster can do so for themselves can do so from the Microsoft website: http://go.microsoft.com/fwlink/?LinkId=43750 (if you care to wrestle with the registration system) and find his very words at: MS05-016: slide 13, timestamp 6:50 MS05-017: slide 15, timestamp 8:40 MS05-018: slide 18, timestamp 11:10 MS05-019: slide 20, timestamp 12:55 *1 MS05-022: slide 32, timestamp 23:40 *1 = publicly disclosed, but not publicly exploited Steve --- Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561 www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve@...xwiz.net
Powered by blists - more mailing lists