Attacks prompt third parties to fix flaw

Attacks prompt third parties to fix flaw
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Attacks prompt third parties to fix flaw imhotep 10-03-2006
Posted by imhotep on October 3, 2006, 1:02 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Attacks prompt third parties to fix flaw

Attacks targeting the latest flaw in Microsoft's operating system have
convinced two groups to release temporary fixes to protect users while the
software giant develops its own patch.

The attacks attempt to exploit the Windows Shell vulnerability acknowledged
by Microsoft last week, according to the SANS' Internet Storm Center, which
raised its alert level to Yellow after the organization's handlers received
reports of a significant number of attacks.

Two groups have published software tools to protect against attacks that
attempt to exploit the Windows Shell vulnerability. Security professionals
who previously formed the Zeroday Emergency Response Team (ZERT) published
on Saturday an update for a custom security tool aimed at protecting users
temporarily from the attacks. Security firm Determina has also developed a
software patch that will protect users against the attacks.


http://www.securityfocus.com/brief/318

Imhotep

Posted by Dan W. on October 3, 2006, 9:27 am
If you were  Registered and logged in, you could reply and use other advanced thread options
<snip>

test reply to Imhotep

Dan W.

Computer User

Posted by Gerry Hickman on October 3, 2006, 6:52 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi Imhotep,

This is very helpful, and led me to this Microsoft URL

http://www.microsoft.com/technet/security/advisory/926043.mspx

Can you believe this article reads almost the same as the first ever
exploit of ActiveX within the Outlook Express reading pane back in year
2000. Microsoft have learned NOTHING in five years.

Who wants to bet whether we'll see this same kind of nonsense under Vista?

imhotep wrote:
> Attacks prompt third parties to fix flaw
>
> Attacks targeting the latest flaw in Microsoft's operating system have
> convinced two groups to release temporary fixes to protect users while the
> software giant develops its own patch.
>
> The attacks attempt to exploit the Windows Shell vulnerability acknowledged
> by Microsoft last week, according to the SANS' Internet Storm Center, which
> raised its alert level to Yellow after the organization's handlers received
> reports of a significant number of attacks.
>
> Two groups have published software tools to protect against attacks that
> attempt to exploit the Windows Shell vulnerability. Security professionals
> who previously formed the Zeroday Emergency Response Team (ZERT) published
> on Saturday an update for a custom security tool aimed at protecting users
> temporarily from the attacks. Security firm Determina has also developed a
> software patch that will protect users against the attacks.
>
>
> http://www.securityfocus.com/brief/318
>
> Imhotep


--
Gerry Hickman (London UK)

Posted by Roger Abell [MVP] on October 3, 2006, 10:33 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> imhotep@nospam.net says...
>> Not my fault your newsgroup reader does not work correctly...but thanks
>> anyway...
>
> Why do you reply in all the groups, but want people to only reply in one
> of the groups?
>

I notice the reply you recently received only answered the last half of your
question, but was totally silent on the "Why do you reply in all the groups"
part, which is clearly what makes the threads disjointed.

Roger



Posted by Roger Abell [MVP] on October 4, 2006, 10:36 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> Leythos wrote:
>
>> imhotep@nospam.net says...
>>> Not my fault your newsgroup reader does not work correctly...but thanks
>>> anyway...
>>
>> Why do you reply in all the groups, but want people to only reply in one
>> of the groups?
>>
>
> Well I already told you but fair is fair. You asked an honest question and
> I
> will answer it *one* more time. Although, It would be more approiate to
> take this offline...
>
>
> I usually only post alert type messages that are security related unless I
> come across something that I can help with (replying to someone's
> question). When I post one of these alert type messages it usually is to
> many news groups related to the topic (like this one "Attacks prompt third
> parties to fix flaw"). However, I have over 20+ newsgroups that I *try* to
> check every couple of days or so. Many times someone will reply
> incorrectly
> (reply to one of the newsgroups I do not frequently check) and as such I
> might not see their reply for days or more. Now, I assume that if someone
> is replying to me they actually want me to read their post. Since I do not
> have the time anymore to go to all of the newsgroups daily like I used to,
> I set the "Followup-To" to a newsgroup that I do check regularly. That way
> I will see their reply in a timely fashion *without* having to look at
> every newsgroup every night. It is just too much.
>

If someone "incorrectly" replies to what you considered the wrong group
then they modified the post-to list, and your use of follow-ups would in
that case be irrelevant.

If you did not use followups the vast majority of replies would go to were
everyone following the thread would see them, i.e. the xpost list of groups.

In that case it would also appear in your preferred newsgroup.

That you feel you need to use followups so that you can have the reply
"to you" called to your attention in the group that you would monitor is
just plain ego-centric and not understanding at all of the needs of others.

If your intention is for a discussion about the issue to reach those in the
list of selected newsgroups, then let all posts go to those groups and do
not use followups forcing those that do notice to alter what their well-
behaved and RFC compliant newreader client preloads for the post-to
(your spec'd followup) newsgroup.

Roger



Similar ThreadsPosted
Can we default to a trusted domain in IIS prompt? December 27, 2005, 1:11 pm
Assign IPSec Policy via cmd prompt November 28, 2007, 5:58 am
How to show Windows Credentials Prompt July 11, 2008, 10:46 am
Zone Alarm Via Command Prompt ? August 8, 2008, 9:38 am
Safe mode with command prompt, networking December 31, 2005, 7:39 pm
OWA/ISA Flaw? May 4, 2006, 5:30 pm
Yet another new outlook and IE security flaw discovered... September 9, 2005, 12:46 am
IE Flaw Puts Windows XP SP2 At Risk September 17, 2005, 3:07 pm
RE: Users urged to fix browser flaw April 11, 2006, 4:18 am
Bot spreads using latest Windows flaw August 15, 2006, 9:09 pm

The site map in XML format XML site map

Contact Us | Privacy Policy