Educause Security Discussion mailing list archives

Re: critical Microsoft fix for download.ject

From: "Christopher E. Cramer" <chris.cramer () DUKE EDU>
Date: Fri, 2 Jul 2004 15:36:59 -0400

one quick note - this isn't actually a fix.  it's a configuration change
(i believe a registry hack) that's bundled up in a binary wrapper.  as i
understand it, the configuration change does limit the exposure to
current exploits of the vulnerability, but the original vulnerability
does still exist and we should continue to pressure Microsoft to
actually fix it.

-c

On Fri, 2004-07-02 at 15:21, Doug Pearson wrote:

Addressing the recent IE vulnerability known as Download.Ject, aka Scob and Toofer, Microsoft has released a critical 
update today:
http://www.microsoft.com/security/incident/download_ject.mspx

Doug Pearson
REN-ISAC

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

critical Microsoft fix for download.ject Doug Pearson (Jul 02)
- <Possible follow-ups>
- Re: critical Microsoft fix for download.ject Christopher E. Cramer (Jul 02)
- Re: critical Microsoft fix for download.ject Jordan Wiens (Jul 02)
- Re: critical Microsoft fix for download.ject Gary Flynn (Jul 02)