RE: Question: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414)
From: Brian W. Spolarich (bspolarich@nephrostherapeutics.com)
Date: 11/26/02
- Previous message: Deus, Attonbitus: "Re: Secure / Encrypt Terminal Services"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 26 Nov 2002 08:46:21 -0500 From: "Brian W. Spolarich" <bspolarich@nephrostherapeutics.com> To: "Harris, Ken" <KHarris@HIPUSA.com>, <focus-ms@securityfocus.com>
Harris, Ken wrote:
> The reason I ask is that Microsoft does not seem to show much
> confidence in this patch; e.g. in the Caveats section, it is implied
> that if a webpage references the older, pre-patch RDS control,
> dependent upon the IE security settings they will either be prompted
> to install the control, or it will be installed silently if Microsoft
> is added to the Trusted Publishers list.
According to the MS docs:
"Web server administrators who are running an affected version of MDAC should either install the patch, disable MDAC and/or RDS, or upgrade to MDAC 2.7, which is not affected by the vulnerability."
Instead of applying the patch ato , why not just install MDAC 2.7 on the clients and servers (certainly starting w/ the server)? Is there something in the version of MDAC that you're running that will be broken by 2.7?
-bws
- Next message: Andras Vass: "Re: Secure / Encrypt Terminal Services"
- Previous message: Deus, Attonbitus: "Re: Secure / Encrypt Terminal Services"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
