Message-ID: <200211230934.gAN9Yc7253926@milan.maths.usyd.edu.au>
From: psz at maths.usyd.edu.au (Paul Szabo)
Subject: MS02-065 vulnerability
HggdH <hggdh@...bi.com> wrote:
> . From: "Paul Szabo" <psz@...hs.usyd.edu.au>
> . [[ MS02-065 is ] Just as exploitable after the patch. ]
>
> Quoting: "What steps could I follow to prevent the control from being
> silently re-introduced onto my system? The simplest way is to make sure you
> have no trusted publishers, including Microsoft."

The work-arounds suggested by Microsoft probably work. They might even
"come clean" and suggest to disable ActiveX, or even go as far as to ask
users to "get off" IE (and use Netscape or Mozilla or whatever), or to
upgrade to Linux.

The fact remains that installing the patch does not protect the (IE) user.

> . Is this what Microsoft calls "responsible disclosure"?
>
> The real interesting part, for me, is that the trust on the trusting
> mechanism has been shattered. Finally.

Agreed.

Cheers,

Paul Szabo - psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia