Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

When is an exploit not an exploit?

May 26th 2006 in Uncategorized

When it has already been patched… Take the brouhaha triggered by Symantec’s “alert” to its subscribers about an alleged unpatched vulnerability in Windows 2000’s file sharing protocol.

Scary words were used by the various parties who picked up on the alert and ran with it, including “unpatched vulnerability”… “zero day bug”… “Immunity will make the exploit public in June”…

“By Immunity” said “the exploit leverages a flaw in the operating system’s kernel that can be triggered through SMB, and will give an attacker full access to the PC”
(cite: http://www.informationweek.com/news/showArticle.jhtml?articleID=188500259)
(cite: http://www.itnews.com.au/newsstory.aspx?CIaNID=33055)

“Symantec said “Immunity is considered to be a reliable source and we are of the opinion that this information should be treated as fact,” and “An official security update from Microsoft will likely not be in development until after June when the information is released.””
(cite: http://www.informationweek.com/news/showArticle.jhtml?articleID=188500259)
(cite: http://www.itnews.com.au/newsstory.aspx?CIaNID=33055)

But then… Microsoft said:

“We just want to let everyone know that we’ve investigated this claim and found the vulnerability being discussed is fixed by MS05-011, a security update released almost 16 months ago. We contacted our partners on this and made sure they understood this is not new. What *is* new is that someone reportedly has found a different way to exploit the vulnerability. But if you have the update, you’re protected.”
(cite: http://blogs.technet.com/msrc/archive/2006/05/25/430278.aspx)

