Re: Microsoft Security Bulletin MS03-040 - 828750

From: PCR (pcrrcp_at_netzero.net)
Date: 10/05/03 

Date: Sat, 4 Oct 2003 22:27:59 -0400

Well, as cquirke said, even an URL can be faked, perhaps in HTML only--
still, a convincing enough post, with a signature such as yours will
entice one to click any URL. So, it's best to just put any critical fix
at Windows Update. Fine! We've all clicked a half million URLs by now,
and I've got a collection of 500, but... BUT...... well... this post
might be a favorite kind of target. Indeed, Swen has been here imitating
MS already, you know. So, until you do some of what Nancie suggested,
which is some kind of screening of posts, it's best to keep it at
Windows Update.

But do come by now & then, even just to tell us one has come out. This
is because some of us may have uninstalled the MS Critical Update
Notification Tool, whether accidentally or for any other valid reason. 

-- 
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
news:upMZZBpiDHA.616@TK2MSFTNGP11.phx.gbl...
| There is some interesting feedback here to my post. FYI, I personally
have
| been posting our security bulletins and alerts in these newsgroups for
over
| two years now. In fact, I created these security newsgroups (.security
and
| .security.virus) mainly for this purpose. My post is completely
consistent
| with the way I have always posted them. This is the first time anyone
had
| issues with cross posting. I understand the basis of those concerns
though
| and will take them in to consideration. So, in light of recent swen
issues
| in these newsgroups, is it the general feeling of all here that cross
| posting should not be used to communicate these bulletin releases?
|
| Microsoft has always maintained that
www.microsoft.com/technet/security is
| authoritative in regards to security issues with our products. This
means
| that even if you are subscribed to our security bulletin notification
| service, you should verify the validity of that information by going
to that
| site.
|
| -- 
| Regards,
|
| Jerry Bryant - MCSE, MCDBA
| Microsoft IT Communities
|
| Get Secure! www.microsoft.com/security
|
|
| This posting is provided "AS IS" with no warranties, and confers no
rights.
| "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
| news:Ol5il6hiDHA.3712@tk2msftngp13.phx.gbl...
| > Title: Cumulative Patch for Internet Explorer Execution (828750)
| > Date: October 3, 2003
| > Software:
| > Internet Explorer 5.01
| > Internet Explorer 5.5
| > Internet Explorer 6.0
| > Internet Explorer 6.0 for Windows Server 2003
| > Impact: Run code of attacker's choice.
| > Maximum Severity Rating: Critical
| > Bulletin: MS03-040
| >
| > The Microsoft Security Response Center has released Microsoft
Security
| > Bulletin MS03-040
| >
| > What Is It?
| > The Microsoft Security Response Center has released Microsoft
Security
| > Bulletin MS03-040 which concerns a vulnerability in Internet
Explorer.
| > Customers are advised to review the information in the bulletin,
test and
| > deploy the patch immediately in their environments, if applicable.
| >
| > More information is now available at
| > http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
| >
| > If you have any questions regarding the patch or its implementation
after
| > reading the above listed bulletin you should contact Product Support
| > Services in the United States at 1-866-PCSafety (1-866-727-2338).
| > International customers should contact their local subsidiary.
| >
| >
| >
| > -- 
| > Regards,
| >
| > Jerry Bryant - MCSE, MCDBA
| > Microsoft IT Communities
| >
| > Get Secure! www.microsoft.com/security
| >
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| rights.
| >
| >
|
|