Re: Alert: Microsoft Security Bulletin - MS02-021

From: Francis Favorini (francis.favorini@DUKE.EDU)
Date: 04/26/02


Date:         Fri, 26 Apr 2002 15:25:54 -0400
From: Francis Favorini <francis.favorini@DUKE.EDU>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Folks,

This bulletin says it doesn't supercede any other bulletins, but it seems to
me that is must supercede the following bulletins that all replaced
winword.exe in Office 2000 and/or Office XP.

MS00-071 Word Mail Merge Vulnerability
MS01-028 RTF document linked to template can run macros without warning
MS01-034 Malformed Word Document Could Enable Macro to Run Automatically

Am I missing something?

I also not that if I do a search of bulletins pertaining to Office XP Gold
or SP1, no results are returned in either case. I'm pretty sure there are
at least 4 patches for Gold and 1 for SP1. This is using
http://www.microsoft.com/technet/security/current.asp

What ever happened to that great plan to improve security at Microsoft? I
just don't understand why they can't set up a single, unified database that
has all the hotfix and service pack info in it, so that all the hodge podge
of security tools and queries can give the correct answers.

-Francis