RE: what do we make of this........
From: Dan Irwin (dan@jackies.com.au)Date: 09/11/02
- Previous message: H C: "re: Forensics article & Windows Net.exe replacements"
- Maybe in reply to: Teodorski, Chris: "what do we make of this........"
- Next in thread: Hay, Duane: "RE: what do we make of this........"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 11 Sep 2002 15:42:48 +1000 From: "Dan Irwin" <dan@jackies.com.au> To: "Teodorski, Chris" <cteodorski@ppg.com>
Microsoft usually release a "hotfix" to patch critical problems ASAP
without waiting for the next service pack.
From the front page on grc.com, we can only assume Steve Gibson/GRC have
no knowledge of Microsoft's patch/update regeime. If this is the case,
then wtf are they doing running a company providing "security" and other
related services?
Also, the url makes no mention of the actual bug itself (Q??????). That
sure is quite an advisory.
It makes the mind boggle...
Dan.
-----Original Message-----
From: Teodorski, Chris [mailto:cteodorski@ppg.com]
Sent: Wednesday, 11 September 2002 12:52 PM
To: security-basics@lists.securityfocus.com
Subject: what do we make of this........
from http://grc.com/default.htm
Attention Windows XP Users
A little-known but critical vulnerability exists in Windows XP.
It has recently been repaired in Service Pack 1.
This vulnerability allows the files contained in any specified directory
on your system to be deleted if you click on a specially formed URL.
This URL could appear anywhere: sent in malicious eMail, in a chat room,
in a newsgroup posting, on a malicious web page, or even executed when
your computer merely visits a malicious web page. It is likely to be
widely exploited soon.
This vulnerability is so dangerous that it would be irresponsible for me
to say more. Microsoft has known of this problem for months and has,
inexplicably, done nothing before now. Although XP's Service Pack 1 is
not small (approx 30 MB for express installation or 140 MB for the
network install), and even though a much quicker and easier solution to
this problem exists, the only thing I can safely recommend (without
revealing too much) is to urge all XP users to somehow obtain and
install Service Pack 1 immediately. (If you have a slow Internet
connection, perhaps a friend can download the executable Service Pack
file and burn it onto a CD for you?)
This problem does not affect any systems other than Windows XP. If you
have any friends or co-workers running Windows XP, please urge them to
update their systems' too. Once the details of this vulnerability have
leaked through other channels I will provide additional information.
- Previous message: H C: "re: Forensics article & Windows Net.exe replacements"
- Maybe in reply to: Teodorski, Chris: "what do we make of this........"
- Next in thread: Hay, Duane: "RE: what do we make of this........"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
