Re: Items within XP SP2 and Win2003

From: kyle (kyle_at_inetconnection.com)
Date: 09/27/04

  • Next message: Hyland Jeremy J CONT KPWA: "RE: Items within XP SP2 and Win2003"
    To: "Depp, Dennis M." <deppdm@ornl.gov>, focus-ms@securityfocus.com
    Date: Mon, 27 Sep 2004 13:35:46 -0500
    
    

    The particular exploit I examined appeared with SP2, and was described as
    just an SP2 vulnerability. I may have misread that myself, but the impression I
    got from the way it was written was that it was SP2 only.

    On Monday 27 September 2004 07:29 am, you wrote:
    > Perhaps I misread this issue. The drag and drop vulnerability you speak
    > of is not unique to SP2. It also affects computers running SP1.
    >
    > Denny
    >
    > > -----Original Message-----
    > > From: kyle [mailto:kyle@inetconnection.com]
    > > Sent: Monday, September 27, 2004 8:04 AM
    > > To: Depp, Dennis M.; focus-ms@securityfocus.com
    > > Subject: Re: Items within XP SP2 and Win2003
    > >
    > > I believe the drag and drop error that works with IE and SP2 was a new
    > > problem. I know there were more, but that was the largest one. (If you are
    > > not familiar with it, basically a webmaster can code it so by moving the
    > > mouse on the page, he has the ability to install anything and bypass your
    > > firewall.) And I've seen ways people can get around the "active x install
    > > protection/download protection" that Microsoft has included (a simple string
    > > tells it you already hit yes).
    > > I think that if you don't have to upgrade to SP2, don't. Get a real firewall
    > > (ex: ZoneAlarm, Shorewall, or make a hardware one like SmoothWall) and keep
    > > them up to date. They specialize in security, while m$ admitted they won't be
    > > secure until 2010 (see Slashdot for more info on that).
    > >
    > > On Monday 27 September 2004 06:14 am, you wrote:
    > > > Interesting comment. The arbitrary code exploits you mentioned, are
    > > > these unique to SP2 or does SP1 fall prey to them as well? I am not
    > > > aware of any exploits that are unique to SP2. The firewall is not
    > > > perfect I will admit, but it is a vast improvement over its
    > > > predecessor. The current firewall is great for a home machine.
    > > > However, when you use the wizard to poke holes in the firewall, they
    > > > seem to be much larger than needed. I think a better analogy for the
    > > > firewall is a privacy fence, but when you use the wizard to open the
    > > > firewall, often you are removing several boards when a knot hole would
    > > > have worked just as well.
    > > >
    > > > Denny
