Re: Revised: Microsoft Security Bulletin - MS02-066
From: Russ (Russ.Cooper@RC.ON.CA)
Date: 11/26/02
- Previous message: Russ: "Revised: Microsoft Security Bulletin - MS02-066"
- Maybe in reply to: Russ: "Revised: Microsoft Security Bulletin - MS02-066"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 25 Nov 2002 18:48:48 -0500 From: Russ <Russ.Cooper@RC.ON.CA> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I had a couple of people ping me about this revision notice. MS02-066 was updated to include information about a new KB article, and yes, its number really is 810687, regardless of "what number we've gotten to";
http://support.microsoft.com/default.aspx?scid=kb;en-us;810687
actually works, and is there.
That KB article describes a new policy item, a way to restrict whether HTML Help files can invoke WinHelp or Shortcut commands. It seems possible to limit (possibly completely) the ability to use the HTML Help system as a catalyst for attack.
Cheers,
Russ - NTBugtraq Editor
-----Original Message-----
From: Russ
Sent: Monday, November 25, 2002 1:41 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Revised: Microsoft Security Bulletin - MS02-066
This bulletin has been revised.
V1.0 (November 20, 2002): Bulletin Created.
V1.1 (November 25, 2002): Add informtion about Microsoft Knowledge Base Article 810687
Full bulletin details available at;
http://www.microsoft.com/technet/security/bulletin/MS02-066.asp
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure Corporation
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Demonstrate your knowledge and understanding of core IT Security, become
TICSA certified.
Are you responsible for IT security in job function, but not necessarily
in title? Do you want to prove your IT security knowledge and increase
opportunities? Interested? Visit;
http://www.trusecure.com/solutions/certifications/ticsa/
for more information.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure Corporation
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Demonstrate your knowledge and understanding of core IT Security, become
TICSA certified.
Are you responsible for IT security in job function, but not necessarily
in title? Do you want to prove your IT security knowledge and increase
opportunities? Interested? Visit;
http://www.trusecure.com/solutions/certifications/ticsa/
for more information.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Next message: Aaron C. Newman (Application Security, Inc.): "ASI Sybase Security Alert: Buffer overflow in xp_freedll"
- Previous message: Russ: "Revised: Microsoft Security Bulletin - MS02-066"
- Maybe in reply to: Russ: "Revised: Microsoft Security Bulletin - MS02-066"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
