[prev in list] [next in list] [prev in thread] [next in thread]
List: incidents
Subject: Re: [Dshield] Proxy attackers/hijackers
From: "Thor Larholm" <lists.netsys.com () jscript ! dk>
Date: 2003-10-18 5:06:53
[Download RAW message or body]
> From: "Thomas Willner" <thomaswillner@elitetraderz.com>
> It has been reported that the official Microsoft patch for this
> vulnerability is not 100% effective in blocking exploitation. At this
> time, there is no fully working solution except disabling ActiveX
> controls and also disabling Active Scripting in IE.
Your reports are almost a month old by now.
> Some links that may be of use in determining your exposure to this
> vulnerability:
>
> Technical Bulletin:
> http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
It may be true that MS03-032 did not fully patch the Object Data vulnerability,
but a revised version has been released for several weeks now. It is called
MS03-040, was released October 3 and it does indeed patch this vulnerability
completely.
http://www.microsoft.com/technet/security/bulletin/ms03-040.asp
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://pivx.com/larholm/ - Get our research, join our mailinglist
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_incidents_031015
----------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic