Educause Security Discussion mailing list archives
Re: critical Microsoft fix for download.ject
From: "Christopher E. Cramer" <chris.cramer () DUKE EDU>
Date: Fri, 2 Jul 2004 15:36:59 -0400
one quick note - this isn't actually a fix. it's a configuration change (i believe a registry hack) that's bundled up in a binary wrapper. as i understand it, the configuration change does limit the exposure to current exploits of the vulnerability, but the original vulnerability does still exist and we should continue to pressure Microsoft to actually fix it. -c On Fri, 2004-07-02 at 15:21, Doug Pearson wrote:
Addressing the recent IE vulnerability known as Download.Ject, aka Scob and Toofer, Microsoft has released a critical update today: http://www.microsoft.com/security/incident/download_ject.mspx Doug Pearson REN-ISAC ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- critical Microsoft fix for download.ject Doug Pearson (Jul 02)
- <Possible follow-ups>
- Re: critical Microsoft fix for download.ject Christopher E. Cramer (Jul 02)
- Re: critical Microsoft fix for download.ject Jordan Wiens (Jul 02)
- Re: critical Microsoft fix for download.ject Gary Flynn (Jul 02)