funsec mailing list archives

Re: MS Update coming today


From: Matthew Murphy <mattmurphy () kc rr com>
Date: Thu, 05 Jan 2006 14:34:29 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

According to my MSRC source, the patch has hit WU now.  The bulletin is
up as we speak:

http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

My tests indicate the updates are up as well:

Windows 2000 SP4
http://www.microsoft.com/downloads/details.aspx?familyid=AA9E27BD-CB9A-4EF1-92A3-00FFE7B2AC74

Windows XP SP1/SP2
http://www.microsoft.com/downloads/details.aspx?familyid=0C1B4C96-57AE-499E-B89B-215B7BB4D8E9

Windows XP x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=3A1166E6-5E9E-4E73-BCD4-28ECA6ECE877

Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=1584AAE0-51CE-47D6-9A03-DB5B9077F1F2

Windows Server 2003 for Itanium
http://www.microsoft.com/downloads/details.aspx?FamilyId=6E372D41-2C16-415E-8306-A5CA8845CC09

Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=A8F4DCBA-5D28-4D9D-A6A4-3B71108CFE2D

There is *NO PATCH* for Windows 98, Windows 98 SE, or Windows Me at this
time.

A quick study of the bulletin reveals this from the FAQ:

"Specifically, the change introduced to address this vulnerability
removes the support for the SETABORTPROC record type from the
META_ESCAPE record in a WMF image. This update does not remove support
for ABORTPROC functions registered by application SetAbortProc() API calls."

So, IOW, it's the same functionality as in Ilfak's patch, minus the hook.

- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."

                                -- Michael Holstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDvYLVfp4vUrVETTgRA8cjAJ9N2FN8EqfY5gxj2AXnB8mphR1wRACgitGS
ADPT0SfacaZokDWz4xwy6Ec=
=AdPQ
-----END PGP SIGNATURE-----


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
