Open Source and information security mailing list archives
 
Date: Tue, 12 Jan 2016 16:12:53 +0000
From: Patrick Toomey <ptoomey3@...sedcoin.com>
To: fulldisclosure@...lists.org
Subject: [FD] Whatever happened with CVE-2015-0072?

It seems that this issue was originally disclosed here:
http://seclists.org/fulldisclosure/2015/Feb/0. Eventually a CVE was
assigned: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0072 and
then MSFT released a patch:
https://technet.microsoft.com/en-us/library/security/ms15-018.aspx. But,
according to https://blog.innerht.ml/ie-uxss/ (and local testing) it
remains unpatched for Windows 8.1 on IE 11. Does anyone have any insight into
what happened? I haven't seen any follow up to the issue as to why the
patch didn't work (did it ever work and there was a regression or was the
patch always broken)? And, more importantly, has there been any followup
from MSFT? It would seem that Windows 8.1/IE 11 are still eligible for
security updates, so I'm scratching my head on the lack of
communication/patches here.

Thanks!

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
