Re: Darn if you do Darn if you don't.
From: Brian S. Bergin (b.b_at_TERABYTE.NET)
Date: 10/07/04
- Previous message: Steve Shockley: "ASP.Net vulnerabillity"
- Maybe in reply to: Castigliola, Angelo: "Darn if you do Darn if you don't."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 6 Oct 2004 18:49:11 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
At 12:58 06 10 04 Wednesday, you wrote:
>Two Days ago it was reported on another list that the web site
>http://themexp.org <http://themexp.org> was able to load spyware onto a
>fully patched XP SP2 running Internet Explorer SP1 with no user
>interaction. This is false. XP SP2 running IE SP1 will prompt a user
>with a security alert letting them know that the site they are visiting
>is trying to load software onto their computer.
I've patched hundreds of XP boxes to SP2 and have not found one that's
still running IE 6 SP1. It is my understanding that the SP2 deployment
file updates IE to IE 6 SP2 and yes there may be times when MS doesn't have
the ability to "fix" problems in older software that have been fixed in
SP2. For example, I'm betting we never see an IE 6 SP2 for NT 4, though I
hope I'm wrong.
Sincerely,
Terabyte Computers, Inc.
Brian S. Bergin
President
-- NTBugtraq Editor's Note: Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field. --
- Previous message: Steve Shockley: "ASP.Net vulnerabillity"
- Maybe in reply to: Castigliola, Angelo: "Darn if you do Darn if you don't."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
