[gkm@petting-zoo.net: Windows vulnerability]
Matthew Hawkins
matt at mh.dropbear.id.au
Fri Nov 22 10:19:04 EST 2002
Everyone loves stories about our favourite criminal organisation :)
-M
----- Forwarded message from glen mccready <gkm at petting-zoo.net> -----
Forwarded-by: Nev Dull <nev at sleepycat.com>
From: "Michael A. Olson" <mao at sleepycat.com>
Microsoft has announced a critical Windows security flaw
that affects all versions of the OS except for XP. You
need to download and install a patch. Microsoft's servers
are swamped right now, I'm not able to download the patch.

This is a rough one for Microsoft. The vulnerability is
that a buggy ActiveX control that the company distributed
can be tricked into running arbitrary code on your system.
The immediate fix is to download and install a fixed version
of the control.

However, if you visit a Web page or receive HTML email from
a bad guy, the buggy version of the control can be silently
reinstalled. This is a problem for anyone who clicks the
"Always trust content from ..." checkbox during browser
sessions.

The long-term fix, according to Microsoft, is to remove
Microsoft from your list of trusted publishers.

That's a commendable recommendation -- it's correct and it's
responsible to tell users how to fix the problem. It has to
be a bad day at Microsoft PR HQ, though.

Slashdot's covering the story, see
http://slashdot.org/article.pl?sid=02/11/21/1317229&mode=thread&tid=172

mike
----- End forwarded message -----
--
Matt