[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly
- To: toddtowles@xxxxxxxxxxxxxxx
- To: billybobknob@xxxxxxxxxxx
- To: skylined@xxxxxxxxxxxxxxx
- To: full-disclosure@xxxxxxxxxxxxxxxx
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly
- From: "Des Ward" <des_ward@xxxxxxxx>
- Date: Thu, 2 Dec 2004 15:08:26 GMT
That would make sense, seeing as M$ stated on the deployment of Sp1 that
patches would start to be released only for that patch or greater.
-----Original Message-----
From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
Date: Thu, 2 Dec 2004 08:07:10
To:"BillyBob" <billybobknob@xxxxxxxxxxx>, "Berend-Jan Wever"
<skylined@xxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>,
Subject: RE: [Full-Disclosure] Official IFRAME patch - make sure it installs
As stated in the FAQ of the patch page. It would appear the new baseline
for all future patches will be SP1 unless they decided to change it.
I am still using Windows XP, but extended security update support ended
on September 30th, 2004. What should I do?
The original version of Windows XP, commonly referred to as Windows XP
Gold or Windows XP Release to Manufacturing (RTM) version, reached the
end of its extended security update support life cycle on September
30th, 2004.
It should be a priority for customers who have these operating system
versions to migrate to supported versions to prevent potential exposure
to future vulnerabilities. For more information about the Windows
Product Life Cycle, visit the Microsoft Support Lifecycle Web site. For
more information about the extended security update support period for
these operating system versions, visit the Microsoft Product Support
Services Web site.
Customers who require additional support for Windows XP RTM must contact
their Microsoft account team representative, their Technical Account
Manager, or the appropriate Microsoft partner representative for custom
support options. Customers without an Alliance, Premier, or Authorized
Contract can contact their local Microsoft sales office. For contact
information, visit the Microsoft Worldwide Information Web site, select
the country, and then click Go to see a list of phone numbers. When you
call, ask to speak with the local Premier Support sales manager.
For more information, see the Windows Operating System FAQ.
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of BillyBob
> Sent: Thursday, December 02, 2004 7:07 AM
> To: Berend-Jan Wever; full-disclosure@xxxxxxxxxxxxxxxx;
> bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] Official IFRAME patch - make
> sure it installs correctly
> Does anyone know why Microsoft does not have this patch
> available for XP (no
> SP) running IE6 ?
> I know this system is vulnerable to the IFRAME exploit as I tested it.
> Bill
> ----- Original Message -----
> From: "Berend-Jan Wever" <skylined@xxxxxxxxxxxxxxx>
> To: <full-disclosure@xxxxxxxxxxxxxxxx>; <bugtraq@xxxxxxxxxxxxxxxxx>
> Sent: Wednesday, December 01, 2004 8:49 PM
> Subject: [Full-Disclosure] Official IFRAME patch - make sure
> it installs correctly
> > The IFRAME vulnerability has been patched, see
> http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
> >
> > *** Make sure you are patched after installing *** I installed it
> > using "Automatic Updates" (on Win2ksp4), rebooted and
> loaded my InternetExploiter.html: IT STILL WORKED!!
> > Even though both "Automatic Updates" and
> "http://windowsupdate.microsoft.com" reported that I was patched!?!
> > I manually downloaded the exe and ran it, rebooted and now
> I'm finally
> truely patched.
> >
> > It might just have been a glitch on my system, but you might wanna
> > check
> anyway: InternetExploiter.html can still be downloaded from
> my website.
> >
> > Berend-Jan Wever
> > <skylined@xxxxxxxxxxxxxxx>
> > http://www.edup.tudelft.nl/~bjwever
> > SkyLined in #SkyLined on EFNET
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Kind regards,
Des Ward
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html