lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <NMEAJDJMDLJLOIOCIKJJMEKPDPAA.exibar@thelair.com>
From: exibar at thelair.com (Exibar)
Subject: [spam] Re: MS03-040 October cumulative patch for IE

Hi Nick and all!
    I think that this patch fixes the QHOSTS1 hole and perhaps the hole that
caused the Half Life 2 source code to be compromised with.  Valve software
is no doubt a big hitter for Microsoft so I'm sure they complained and MS
listened by releasing this patch.  Which in my opinion is a fix for
MS03-032....

  Exibar

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Nick
FitzGerald
Sent: Saturday, October 04, 2003 1:51 AM
To: full-disclosure@...ts.netsys.com
Subject: [spam] Re: [Full-Disclosure] MS03-040 October cumulative patch
for IE


"Jerry Heidtke" <jheidtke@...h.edu> wrote:

> Just when we got used to Wednesday afternoon security bulletins from
> Microsoft, they decide to release one on Friday evening.
>
> http://www.microsoft.com/technet/security/bulletin/ms03-040.asp
>
> It allegedly fixes the object tag/hta types of vulnerabilities.

Yep -- this deviation from "patches are releasesed on Wednesday"
practice presumably suggests how darn critical MS rates this bug.

You have to wonder though when they'll work out there are thirty-
something others that in various combinations are just as bad...

   http://www.pivx.com/larholm/unpatched/

Perhaps it will take more worms and clearly malicious use such as we
have seen with the Object Data Type flaw, including the associated
media coverage, to get them all fixed too??


--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ