[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1373938716.74356.YahooMailNeo@web160905.mail.bf1.yahoo.com>
Date: Mon, 15 Jul 2013 18:38:36 -0700 (PDT)
From: Zbygniew Prlwytzkofsky <prlwytzkofsky@...oo.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Microsoft ignores serious MSXML update issue
Firstly,
I hesitated to post to FD,
as the matter does not concern any new vulnerability, but an older issue.
However, as I think it's a serious issue nevertheless, I decided to post anyway.
The issue is, in abstract:
For Windows systems on which MSXML 4.0 SP2 is present, MSXML 4.0 SP3 is not offered through Windows/Microsoft Update. And for Windows systems on which MSXML 4.0 SP2 is present and not MSXML 4.0 SP3, security update KB2758694 (was KB2721691) is not offered through Windows/Microsoft Update. I contacted Microsoft and Microsoft made clear it won't do anything to resolve the issue.
As Microsoft made clear it won't do anything to resolve the issue, I felt obligated to publish the information on the web, so that as many users as possible can be informed of the issue and can choose to download and install MSXML4 SP3 so that security update KB2758694 (was KB2721691) can be installed to patch the MSXML 4.0 vulnerability.
I have informed Microsoft about that, several times during my correspondence with Microsoft.
Last week, I posted at Security.nl, as Spiff.
See:
Microsoft ignores serious MSXML update issue
https://www.security.nl/artikel/46991/1/MS_ignores_XML_update_issue.html
First two parts are in English,
third and fourth part is the same content in Dutch.
Best regards
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists