Re: Alert: Microsoft Security Bulletin - MS03-023 - update

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 07/11/03

    Date:         Thu, 10 Jul 2003 22:31:28 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    I want to apologize to the folks over at the Microsoft Security Response Center. I said last night that they hadn't responded to my query after 7 hours. In fact, they did respond, about 3 hours after I contacted them. Unfortunately, their response didn't get to me through no fault of theirs.

    Their response indicated that Outlook with the Outlook Email Security Update (OESU) applied, Outlook 2002 in default configuration, and Outlook Express 6.0 SP1 would all stop a (J/VB)scripted attack sent via email.

    It is still unclear why those products don't make a reasonable mitigator worth listing, particularly since IE's Enhanced Security Configuration under Windows 2003 is listed as one.

    They did point out that the vulnerability could be invoked via other means. Basically, any attempt to convert HTML<->RTF could invoke the overflow, and that might be done in programs other than those that use IE. True as that is, that's also true on Windows 2003, even with IE's Enhanced Security Configuration, isn't it?

    Anyway, the point is that the Restricted Sites Zone is not being bypassed. Since my assessment is that attacks against corporate environments are most likely going to occur via an HTML-based email, use of those products listed above should be considered a reasonable mitigator.

    <meager excuse>
    Spam is driving me nuts. In an effort to reduce the spam I get every day (max. 209 per day), I wrote several utilities for Outlook and Exchange which have allowed me to get down to an average of 69 per day so far. Good work you might say, or "my spam program's way better than that". Well, maybe, but I have some rather unique requirements so what I need isn't what everyone else does, nor would it work for everyone else.

    Anyway, the point is, my anti-spam program may block email from you to me. It's not supposed to, but hey, who said I get paid to be a programmer. I have to manually move a message into a specific folder for it to be classified as spam. My mouse slips sometimes, and the wrong mail ends up in that folder occasionally.

    Messages sent to NTBugtraq@listserv.ntbugtraq.com are not subjected to this spam filtering, so you should never be blocked from sending to that address. Also, remember, messages sent to that address are moderated by me only, so if you feel you can't get to me through my personal address, feel free to send me a message via the list address (just make a note in the message that it isn't meant for the list.)
    </meager excuse>

    Cheers,
    Russ - NTBugtraq Editor
