[Full-disclosure] Some thoughts about MS06-027 Winword.exe timestamps
- From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
- Date: Wed, 14 Jun 2006 02:36:40 +0300 (EEST)
After examining new MS advisories the time stamps of executables included to MS06-027 http://www.microsoft.com/technet/security/Bulletin/MS06-027.mspx are interesting. First warnings about this 0-day vulnerability in Word were published on 19th May, referring to Internet Storm Center Diary entry. ISC made a great job during these weeks.
When looking into Security Update Information section -> Manual Client Installation Information -> Client Installation File Information) we have the following Winword.exe information:
Word 2003 - 15-May-2006
Word 2002 - 12-May-2006
Word 2000 - 16-May-2006
The updated, non-affected Winword.exe for Word version 2002 was ready (and passed some MS release tests) exactly a week before first public warnings. Like we know some targeted attacks to companies in China area has been reported.
After updating my Word installation file information of C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE says 11.5 Mb, 15th May 2006, revision 11.0.8026.0. Localized, Finnish update package was used.
New security advisory lists Shih-hao Weng of Information & Communication Security Technology Center, Taiwan (http://www.icst.org.tw/ ) as reporter of this issue. He was mentioned at Credit section of Windows Color Management Module advisory MS05-036 too. Big thanks goes to him as well.
BTW: MS06-027 lists Word Viewer 2003 (newest available) as affected too. Using viewer utilities was mentioned as one of the workarounds in May.
I'm not saying Microsoft was hiding something, I believe that attacks has been limited. Additionally, possibly Microsoft recommended target organizations not to use Word until fix is available.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: Re: [Full-disclosure] repeated port 21 attempts
- Next by Date: Re: [Full-disclosure] SSL VPNs and security
- Previous by thread: [Full-disclosure] ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability
- Next by thread: [Full-disclosure] Black Hat Speakers + 2005 Content on-line