Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Official IFRAME patch - make sure it installs correctly
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 2 Dec 2004 08:07:10 -0600

As stated in the FAQ of the patch page. It would appear the new baseline
for all future patches will be SP1 unless they decided to change it.

------------------------------------
 I am still using Windows XP, but extended security update support ended
on September 30th, 2004. What should I do?

The original version of Windows XP, commonly referred to as Windows XP
Gold or Windows XP Release to Manufacturing (RTM) version, reached the
end of its extended security update support life cycle on September
30th, 2004. 

It should be a priority for customers who have these operating system
versions to migrate to supported versions to prevent potential exposure
to future vulnerabilities. For more information about the Windows
Product Life Cycle, visit the Microsoft Support Lifecycle Web site. For
more information about the extended security update support period for
these operating system versions, visit the Microsoft Product Support
Services Web site.

Customers who require additional support for Windows XP RTM must contact
their Microsoft account team representative, their Technical Account
Manager, or the appropriate Microsoft partner representative for custom
support options. Customers without an Alliance, Premier, or Authorized
Contract can contact their local Microsoft sales office. For contact
information, visit the Microsoft Worldwide Information Web site, select
the country, and then click Go to see a list of phone numbers. When you
call, ask to speak with the local Premier Support sales manager.

For more information, see the Windows Operating System FAQ.
------------------------------------



-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of BillyBob
Sent: Thursday, December 02, 2004 7:07 AM
To: Berend-Jan Wever; full-disclosure () lists netsys com; 
bugtraq () securityfocus com
Subject: Re: [Full-disclosure] Official IFRAME patch - make 
sure it installs correctly

Does anyone know why Microsoft does not have this patch 
available for XP (no
SP) running IE6 ?
I know this system is vulnerable to the IFRAME exploit as I tested it.

Bill

----- Original Message -----
From: "Berend-Jan Wever" <skylined () edup tudelft nl>
To: <full-disclosure () lists netsys com>; <bugtraq () securityfocus com>
Sent: Wednesday, December 01, 2004 8:49 PM
Subject: [Full-disclosure] Official IFRAME patch - make sure 
it installs correctly


The IFRAME vulnerability has been patched, see
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx

*** Make sure you are patched after installing *** I installed it 
using "Automatic Updates" (on Win2ksp4), rebooted and
loaded my InternetExploiter.html: IT STILL WORKED!!
Even though both "Automatic Updates" and
"http://windowsupdate.microsoft.com"; reported that I was patched!?!
I manually downloaded the exe and ran it, rebooted and now 
I'm finally
truely patched.

It might just have been a glitch on my system, but you might wanna 
check
anyway: InternetExploiter.html can still be downloaded from 
my website.

Berend-Jan Wever
<skylined () edup tudelft nl>
http://www.edup.tudelft.nl/~bjwever
SkyLined in #SkyLined on EFNET


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]