[gkm@petting-zoo.net: Windows vulnerability]

Matthew Hawkins matt at mh.dropbear.id.au
Fri Nov 22 10:19:04 EST 2002

Everyone loves stories about our favourite criminal organisation :)


----- Forwarded message from glen mccready <gkm at petting-zoo.net> -----

Forwarded-by: Nev Dull <nev at sleepycat.com>
From: "Michael A. Olson" <mao at sleepycat.com>

Microsoft has announced a critical Windows security flaw
that affects all versions of the OS except for XP.  You
need to download and install a patch.  Microsoft's servers
are swamped right now, I'm not able to download the patch.

This is a rough one for Microsoft.  The vulnerability is
that a buggy ActiveX control that the company distributed
can be tricked into running arbitrary code on your system.
The immediate fix is to download and install a fixed version
of the control.

However, if you visit a Web page or receive HTML email from
a bad guy, the buggy version of the control can be silently
reinstalled.  This is a problem for anyone who clice the
"Always trust content from ..." checkbox during browser

The long-term fix, according to Microsoft, is to remove
Microsoft from your list of trusted publishers.

That's a commendable recommendation -- it's correct and it's
responsible to tell users how to fix the problem.  It has to
be a bad day at Microsoft PR HQ, though.

Slashdot's covering the story, see



----- End forwarded message -----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux/attachments/20021122/2d59b28f/attachment.bin

More information about the linux mailing list