Bugtraq mailing list archives

Re: Microsoft Critical Updater Security

From: shamrock () NETCOM COM (Lucky Green)
Date: Sun, 24 Jan 1999 14:15:49 -0800


When I went through the same procedure, Critical Update installed a new
version of the Critical Update control upon accessing the update site.
However, it did ask me if I wanted to install it. Perhaps you once clicked
the "Always trust software from Microsoft Corporation" in the Authenticode
popup? In that case, code signed by Microsoft might auto-install.

--Lucky Green <shamrock () netcom com>
  PGP 5.x  encrypted email preferred

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () netspace org]On Behalf Of
Erik Parker
Sent: Saturday, January 23, 1999 03:34
To: BUGTRAQ () netspace org
Subject: Microsoft Critical Updater Security

[...]

Well, The popup says "Hey, critical update available, shall
we go check
it out?". Iexplorer opens up (note, you can't use netscape
for updating).

It took longer to load than usual, because it downloaded and
installed..

Current thread:

L0pht Security Advisory on NT Password Appraiser Dr. Mudge (Jan 20)
- Re: L0pht Security Advisory on NT Password Appraiser Chris Maresca (Jan 21)
- L0pht Security Advisory on NT Password Appraiser David Damerell (Jan 22)
- Microsoft Critical Updater Security Erik Parker (Jan 23)
  - Re: Microsoft Critical Updater Security Lucky Green (Jan 24)
- linux crashes irix6.3 II Philipp Schott (Jan 23)