lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed Jun 14 00:36:59 2006
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Subject: Some thoughts about MS06-027 Winword.exe
	timestamps

After examining new MS advisories the time stamps of executables included to MS06-027 http://www.microsoft.com/technet/security/Bulletin/MS06-027.mspx are interesting. First warnings about this 0-day vulnerability in Word were published on 19th May, referring to Internet Storm Center Diary entry. ISC made a great job during these weeks.

When looking into Security Update Information section -> Manual Client Installation Information -> Client Installation File Information) we have the following Winword.exe information:

Word 2003 - 15-May-2006
Word 2002 - 12-May-2006
Word 2000 - 16-May-2006

The updated, non-affected Winword.exe for Word version 2002 was ready (and passed some MS release tests) exactly a week before first public warnings. Like we know some targeted attacks to companies in China area has been reported.

After updating my Word installation file information of C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE says 11.5 Mb, 15th May 2006, revision 11.0.8026.0. Localized, Finnish update package was used.

New security advisory lists Shih-hao Weng of Information & Communication Security Technology Center, Taiwan (http://www.icst.org.tw/ ) as reporter of this issue. He was mentioned at Credit section of Windows Color Management Module advisory MS05-036 too. Big thanks goes to him as well.

BTW: MS06-027 lists Word Viewer 2003 (newest available) as affected too. Using viewer utilities was mentioned as one of the workarounds in May.

I'm not saying Microsoft was hiding something, I believe that attacks has been limited. Additionally, possibly Microsoft recommended target organizations not to use Word until fix is available.


- Juha-Matti

Powered by blists - more mailing lists