Full Disclosure mailing list archives
RE: BAD NEWS: Microsoft Security Bulletin MS03-032
From: "Thor Larholm" <thor () pivx com>
Date: Mon, 8 Sep 2003 16:36:00 -0700
Updated antivirus will only catch specific instances of POC code, not any actual reallife exploitation which easily differ significantly in footprint and signature. It's been a constant nuisance the last few years that whenever you release any kind of POC the AV vendors will label it as a virus and have their customers feel safe whenever they try to demonstrate publicly available POC code, while still doing nothing to hinder exploitation of the actual vulnerability. AV vendors should realize that their approach to security often will lead to greater insecurity, I have no count of the number of people writing me and telling me they would not install a potentially systemdamaging patch since my public POC didn't work anyway on their system because of their superior AV product. Out of sight, out of mind.. Regards Thor Larholm PivX Solutions, LLC - Senior Security Researcher -----Original Message----- From: ADBecker () chmortgage com [mailto:ADBecker () chmortgage com] Sent: Monday, September 08, 2003 12:17 PM Subject: RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Updated antivirus software should catch this exploit and prevent any application from being launched. We have McAfee VirusScan 7 Ent. which caught both exploit examples at http://greymagic.com/adv/gm001-ie/ Andrew Becker C.H. Mortgage, D.R. Horton Phoenix IT/MIS Department Phone: (866) 639-7305 Fax: (480) 607-5383 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032, (continued)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 morning_wood (Sep 08)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 http-equiv () excite com (Sep 08)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 Fabio Gomes de Souza (Sep 08)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Nick Jacobsen (Sep 07)
- FW: BAD NEWS: Microsoft Security Bulletin MS03-032 Richard M. Smith (Sep 07)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 GreyMagic Software (Sep 08)
- Re: [VulnWatch] RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Thomas Kristensen (Sep 08)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 ADBecker (Sep 08)
- Re: RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Nick FitzGerald (Sep 08)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Thor Larholm (Sep 08)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Nathan Wallwork (Sep 09)
- (Patch Updated) Microsoft Security Bulletin MS03-032 Jim (Sep 09)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Drew Copley (Sep 10)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 Crist J. Clark (Sep 12)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Drew Copley (Sep 12)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 morning_wood (Sep 08)
- Re: RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Dimitri Limanovski (Sep 10)