Re: Microsoft releases critical fix that breaks their own software!

From: mattmurphy@kc.rr.com
Date: 06/14/02


Date: 13 Jun 2002 22:08:47 -0000
From: <mattmurphy@kc.rr.com>
To: bugtraq@securityfocus.com


('binary' encoding is not supported, stored as-is) In-Reply-To: <009301c2129f$58ff1f90$3701a8c0@stingray>

>What classic MS, their newest critical alert dealing with the Gopher Root
>Vulnerability discussed on Security Focus last week
>[http://online.securityfocus.com/news/464] seems to break windows media
>player.
>
>Is there any validity to this- and, does their fix work?
>
>More info on the microsoft critical alert:
>http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/
>bulletin/MS02-027.asp
>More info on the breakage: http://www.pivx.com/workaround_fail.html

Not a bit of validity to this; WMP 7.1 successfully initialized and did
not give any errors (fresh install), with the Gopher proxy set to
localhost:1. BTW I don't think it was MS that proposed the proxy
workaround, that was Online Solutions (http://www.solutions.fi/) that did
that. I sent an e-mail to PivX concerning a *multitude* of inaccuracies
and omissions from their "Gopher Smoker" workaround. No response from
PivX on that. I will have to investigate this, but doesn't installing
such a fix like "Gopher Smoker" invalidate support contracts?