RE: [spam] Re: MS03-040 October cumulative patch for IE

["Exibar" <exibar () thelair com>]

Hi Nick and all!
    I think that this patch fixes the QHOSTS1 hole and perhaps the hole that
caused the Half Life 2 source code to be compromised with.  Valve software
is no doubt a big hitter for Microsoft so I'm sure they complained and MS
listened by releasing this patch.  Which in my opinion is a fix for
MS03-032....

  Exibar

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Nick
FitzGerald
Sent: Saturday, October 04, 2003 1:51 AM
To: full-disclosure () lists netsys com
Subject: [spam] Re: [Full-disclosure] MS03-040 October cumulative patch
for IE


"Jerry Heidtke" <jheidtke () fmlh edu> wrote:

> Just when we got used to Wednesday afternoon security bulletins from
> Microsoft, they decide to release one on Friday evening.
>
> http://www.microsoft.com/technet/security/bulletin/ms03-040.asp
>
> It allegedly fixes the object tag/hta types of vulnerabilities.

Yep -- this deviation from "patches are releasesed on Wednesday"
practice presumably suggests how darn critical MS rates this bug.

You have to wonder though when they'll work out there are thirty-
something others that in various combinations are just as bad...

   http://www.pivx.com/larholm/unpatched/

Perhaps it will take more worms and clearly malicious use such as we
have seen with the Object Data Type flaw, including the associated
media coverage, to get them all fixed too??


--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html