Re: More information on ZERT patch for ANI 0day

["Jason Frisvold" <xenophage0 () gmail com>]

On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
<sbradcpa () pacbell net> wrote:
> the community need that they are reacting to.  Gadi and the crew work
> hard and have my respect for their efforts.

Agreed.  Previous patches worked as advertised with no adverse side
effects here.

> If you are willing to evaluate the eEye patch, Zert's should be higher
> on your list as well since reportedly it works better than eEye's.

eEye's patch only protects from attacks outside of %systemroot%.  If
an attacker can place a vulnerable file within %systemroot%, all bets
are off.

ZERT's patch, on the other hand, protects regardless of where the file
is located.  It specifically prevents the stack overflow condition by
blocking chunks larger than 36 bytes from being copied.

> Regardless it's a moot point.  The real patch is out.
> Install that one.  It's on Windows update now.

ISC is reporting problems with the Microsoft patch.  A problem with
the Realtek HD Audio Control Panel has been confirmed and patched by
Microsoft.  Other problems have been reported but no additional
information on them has been released at this point.,

--
Jason 'XenoPhage' Frisvold
XenoPhage0 () gmail com
http://blog.godshell.com