Full Disclosure mailing list archives
Re: MS03-040 October cumulative patch for IE
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 04 Oct 2003 17:50:34 +1200
"Jerry Heidtke" <jheidtke () fmlh edu> wrote:
Just when we got used to Wednesday afternoon security bulletins from Microsoft, they decide to release one on Friday evening. http://www.microsoft.com/technet/security/bulletin/ms03-040.asp It allegedly fixes the object tag/hta types of vulnerabilities.
Yep -- this deviation from "patches are releasesed on Wednesday" practice presumably suggests how darn critical MS rates this bug. You have to wonder though when they'll work out there are thirty- something others that in various combinations are just as bad... http://www.pivx.com/larholm/unpatched/ Perhaps it will take more worms and clearly malicious use such as we have seen with the Object Data Type flaw, including the associated media coverage, to get them all fixed too?? -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MS03-040 October cumulative patch for IE Jerry Heidtke (Oct 03)
- Re: MS03-040 October cumulative patch for IE Nick FitzGerald (Oct 04)
- RE: [spam] Re: MS03-040 October cumulative patch for IE Exibar (Oct 04)
- Re: MS03-040 October cumulative patch for IE Nick FitzGerald (Oct 04)