Date: Wed Jun 14 00:36:59 2006
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Subject: Some thoughts about MS06-027 Winword.exe timestamps

After examining the new MS advisories, the time stamps of the executables included in MS06-027
http://www.microsoft.com/technet/security/Bulletin/MS06-027.mspx
are interesting.

First warnings about this 0-day vulnerability in Word were published on 19th May, referring to an Internet Storm Center Diary entry. ISC did a great job during these weeks.

When looking into Security Update Information section -> Manual Client Installation Information -> Client Installation File Information, we have the following Winword.exe information:

Word 2003 - 15-May-2006
Word 2002 - 12-May-2006
Word 2000 - 16-May-2006

The updated, non-affected Winword.exe for Word version 2002 was ready (and passed some MS release tests) exactly a week before the first public warnings. As we know, some targeted attacks on companies in the China area have been reported.

After updating my Word installation, the file information of C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE says 11.5 Mb, 15th May 2006, revision 11.0.8026.0. The localized Finnish update package was used.

The new security advisory lists Shih-hao Weng of Information & Communication Security Technology Center, Taiwan (http://www.icst.org.tw/ ) as the reporter of this issue. He was mentioned in the Credit section of the Windows Color Management Module advisory MS05-036 too. Big thanks go to him as well.

BTW: MS06-027 lists Word Viewer 2003 (newest available) as affected too. Using viewer utilities was mentioned as one of the workarounds in May.

I'm not saying Microsoft was hiding something; I believe that attacks have been limited. Additionally, possibly Microsoft recommended target organizations not to use Word until a fix is available.

- Juha-Matti