Full Disclosure mailing list archives
RE: Office 2000 Vulnerability
From: "Jason Bethune" <jbethune () town kentville ns ca>
Date: Wed, 10 Sep 2003 12:58:43 -0300
Yes I have seen pirated copies on clients machines that can have SP1 and SP2 applied but it is tricky and not for the novice user. Once SP1 and Sp2 have been applied it can then be updated fully to all the vulnerabilities. I am sure there are tons of pirated copies floating around that the usual user would not have a clue on how to patch them. Whether it is up to m$ to allow these to be patched is a whole kettle of beans that I will assume they would say if you don't pay for it then $crew you. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Rainer Gerhards Sent: Wednesday, September 10, 2003 11:49 AM To: nick () virus-l demon co uk; full-disclosure () lists netsys com Cc: Andre Lorbach
... I guess this means network administrators have a small window of time tostart patchingup systems before a virus is released. Does anyone know ofa work aroundwhen updating Office 2000 with an update? It asks for theoriginal CD thatOffice was installed from. Any thoughts?Go get the CD from the software safe??
I can see a number of valid reasons for not having the CD at hand... but this also raises some other question. Let's assume someone is using a pirated office version. Or a pirate XP key. Now Microsoft makes it impossible for those to apply patches. This seems to be the case. I am not sure if they deny all patches (someone from MS to comment?). Let's assume they deny providing things like the DCOM patch or this office patch. Now, the pirate machine is unpatched, probably becomes infected and thus is turned into an attacker itself. There are two ways to look at the root cause: #1 the user pirated the software and as such is fully responsible for whatever attack is carried out from his system OR #2 Microsoft knew that this system would carry out malicious action (the denied patching knowingly) and thus is to blame I would tend to #2, Microsoft should provide critical patches even to pirate copies, just to make sure its actual customers are not hit by the pirates, at least not with attacks. Of course, I see there are some good arguments against this... Does anybody know of what they actually do? And then the other vendors... In short: Is piracy becoming a mainstream source for attacks because there is a tendency to deny updates to pirates in the industry? Rainer _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Office 2000 Vulnerability Michael De La Cruz (Sep 09)
- Re: Office 2000 Vulnerability Nick FitzGerald (Sep 10)
- Re: Office 2000 Vulnerability Dave Howe (Sep 10)
- Re: Office 2000 Vulnerability Nick FitzGerald (Sep 11)
- Re: Office 2000 Vulnerability Dave Howe (Sep 10)
- <Possible follow-ups>
- RE: Office 2000 Vulnerability Rainer Gerhards (Sep 10)
- RE: Office 2000 Vulnerability Jason Bethune (Sep 10)
- RE: Office 2000 Vulnerability Rainer Gerhards (Sep 10)
- Re: Office 2000 Vulnerability Chris Wanstrath (Sep 10)
- Re: Office 2000 Vulnerability Nick FitzGerald (Sep 10)