lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1373938716.74356.YahooMailNeo@web160905.mail.bf1.yahoo.com>
Date: Mon, 15 Jul 2013 18:38:36 -0700 (PDT)
From: Zbygniew Prlwytzkofsky <prlwytzkofsky@...oo.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Microsoft ignores serious MSXML update issue

 
 
Firstly,
I hesitated to post to FD,
as the matter does not concern any new vulnerability, but an older issue.
However, as I think it's a serious issue nevertheless, I decided to post anyway.
 
The issue is, in abstract:
For Windows systems on which MSXML 4.0 SP2 is present, MSXML 4.0 SP3 is not offered through Windows/Microsoft Update. And for Windows systems on which MSXML 4.0 SP2 is present and not MSXML 4.0 SP3, security update KB2758694 (was KB2721691) is not offered through Windows/Microsoft Update. I contacted Microsoft and Microsoft made clear it won't do anything to resolve the issue.
 
As Microsoft made clear it won't do anything to resolve the issue, I felt obligated to publish the information on the web, so that as many users as possible can be informed of the issue and can choose to download and install MSXML4 SP3 so that security update KB2758694 (was KB2721691) can be installed to patch the MSXML 4.0 vulnerability.
I have informed Microsoft about that, several times during my correspondence with Microsoft.
 
Last week, I posted at Security.nl, as Spiff.
 
See:
 
Microsoft ignores serious MSXML update issue
https://www.security.nl/artikel/46991/1/MS_ignores_XML_update_issue.html
 
First two parts are in English,
third and fourth part is the same content in Dutch.
 
 
 
Best regards

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ