funsec mailing list archives
Re: Escapee from Redmond (was: Huh? Microsoft pre-release release: WMF patch?)
From: Kevin McAleavey <kevinmca () nsclean com>
Date: Wed, 04 Jan 2006 01:17:21 -0500
It was posted to DSL Reports earlier. We obtained a copy of it to see if it was actually malware - turned out to be from Microsoft "for real" and contained "WindowsXP-KB912919-x86-ENU.exe" within a ZIP file. We fed it to a few lab rats and it wanted to write to a strange new folder on a D: drive. So we ran it on a couple of lab rats that HAD a D: drive. Setup began, wham! BSOD that would have made NT 3.5 proud. "kernel-in-page" error and the world latched. Hard reboot and the "you've been naughty" check of the D: drive every time. :) I can see why they were a bit miffed at it escaping Redmond. Heh. At 11:08 PM 1/3/06, Unca Fergie wrote:
Anyone know what's up with this? [snip] In our effort to put this security fix on a fast track, a pre-release version of the update was briefly and inadvertently posted on a security community site. There has been some discussion and pointers on subsequent sites to the pre-release code. We recommend that customers disregard the postings and continue keep up-to-date with our latest information on the WMF issue at http://www.microsoft.com/technet/security/advisory/912840.mspx. [snip] http://blogs.technet.com/msrc/archive/2006/01/04/416847.aspx - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
---------------------------------------------------- BOClean Antimalware division Privacy Software Corporation http://www.nsclean.com support () nsclean com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Huh? Microsoft pre-release release: WMF patch? Fergie (Jan 03)
- Re: Huh? Microsoft pre-release release: WMF patch? nodialtone (Jan 03)
- Re: Escapee from Redmond (was: Huh? Microsoft pre-release release: WMF patch?) Kevin McAleavey (Jan 03)
- Re: Escapee from Redmond Matthew Murphy (Jan 03)
- Re: Escapee from Redmond Kevin McAleavey (Jan 03)
- Re: Escapee from Redmond dudevanwinkle () gmail com (Jan 04)
- Re: Escapee from Redmond Florian Weimer (Jan 04)
- Re: Escapee from Redmond Matthew Murphy (Jan 03)