Re: Revised: Microsoft Security Bulletin - MS02-066

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 11/26/02

  • Next message: Aaron C. Newman (Application Security, Inc.): "ASI Sybase Security Alert: Buffer overflow in xp_freedll"
    Date:         Mon, 25 Nov 2002 18:48:48 -0500
    From: Russ <Russ.Cooper@RC.ON.CA>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    I had a couple of people ping me about this revision notice. MS02-066 was updated to include information about a new KB article, and yes, its number really is 810687, regardless of "what number we've gotten to";

    http://support.microsoft.com/default.aspx?scid=kb;en-us;810687

    actually works, and is there.

    That KB article describes a new policy item, a way to restrict whether HTML Help files can invoke WinHelp or Shortcut commands. It seems possible to limit (possibly completely) the ability to use the HTML Help system as a catalyst for attack.

    Cheers,
    Russ - NTBugtraq Editor

    -----Original Message-----
    From: Russ
    Sent: Monday, November 25, 2002 1:41 PM
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: Revised: Microsoft Security Bulletin - MS02-066

    This bulletin has been revised.
    V1.0 (November 20, 2002): Bulletin Created.
    V1.1 (November 25, 2002): Add informtion about Microsoft Knowledge Base Article 810687

    Full bulletin details available at;
    http://www.microsoft.com/technet/security/bulletin/MS02-066.asp

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure Corporation
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Demonstrate your knowledge and understanding of core IT Security, become
    TICSA certified.

    Are you responsible for IT security in job function, but not necessarily
    in title? Do you want to prove your IT security knowledge and increase
    opportunities? Interested? Visit;

    http://www.trusecure.com/solutions/certifications/ticsa/

    for more information.
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure Corporation
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Demonstrate your knowledge and understanding of core IT Security, become
    TICSA certified.

    Are you responsible for IT security in job function, but not necessarily
    in title? Do you want to prove your IT security knowledge and increase
    opportunities? Interested? Visit;

    http://www.trusecure.com/solutions/certifications/ticsa/

    for more information.
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo



    Relevant Pages

    • Re: 2 mistaken approvals to the list - not viruses
      ... Russ - NTBugtraq Editor ... Delivery co-sponsored by TruSecure Corporation ... Demonstrate your knowledge and understanding of core IT Security, ... Do you want to prove your IT security knowledge and increase ...
      (NT-Bugtraq)
    • Re: Kerberos login sniffer and cracker for Windows 2000/XP
      ... > I've coded a simple Kerberos login sniffer and cracker for Windows 2000/XP ... There doesn't seem to have been any urgency from vendors to ... Demonstrate your knowledge and understanding of core IT Security, ... Do you want to prove your IT security knowledge and increase ...
      (NT-Bugtraq)
    • Re: bind 8 info update regarding ISS
      ... I don't understand why instead of finding bugs you whine about responsibility ... Demonstrate your knowledge and understanding of core IT Security, ... Do you want to prove your IT security knowledge and increase ...
      (NT-Bugtraq)
    • Re: CISSP
      ... I see many job postings that are asking for CISSP certs. ... "Have a minimum 4 years of direct full-time security professional work ... that requires IS security knowledge and involves the ... Cenzic Hailstorm finds vulnerabilities fast. ...
      (Pen-Test)
    • Re: MS02-071, shatter?
      ... I have no time for testing, but think its not only WM_TIMER problem resolution. ... Getad use WM_COPYDATA message. ... Demonstrate your knowledge and understanding of core IT Security, ... Do you want to prove your IT security knowledge and increase ...
      (NT-Bugtraq)