[Full-Disclosure] Microsoft got it wrong

From: Richard M. Smith (rms_at_computerbytesman.com)
Date: 10/15/03

    To: "'Darren Bounds'" <dbounds@intrusense.com>, <full-disclosure@lists.netsys.com>
    Date: Wed, 15 Oct 2003 16:47:56 -0400
    
    

    Only last month in USA Today, Microsoft was claiming that Windows Messenger
    didn't represent a security hazard:

       Pop-ups assail through Windows
       http://www.usatoday.com/tech/news/2003-09-24-popups_x.htm

       Microsoft views pop-up boxes as a benign nuisance
       that does "not pose a security risk," says Greg Sullivan,
       product manager for Windows.

    Looks like Microsoft's crystal ball is pretty fuzzy. Windows Messenger is
    just the sort of seldom-used feature that should be turned off by default in
    Windows XP.

    Richard M. Smith
    http://www.ComputerBytesMan.com

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Darren Bounds
    Sent: Wednesday, October 15, 2003 2:19 PM
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] MS Security Bulletin MS03-043

    Microsoft Security Bulletin MS03-043

    Buffer Overrun in Messenger Service Could Allow Code Execution (828035)

    Issued: October 15, 2003
    Version Number: 1.0

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

