> From: "Thomas Willner" <thomaswillner_at_elitetraderz.com>
> It has been reported that the official Microsoft patch for this
> vulnerability is not 100% effective in blocking exploitation. At this
> time, there is no fully working solution except disabling ActiveX
> controls and also disabling Active Scripting in IE.
Your reports are almost a month old by now.
> Some links that may be of use in determining your exposure to this
> vulnerability:
>
> Technical Bulletin:
> http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
It may be true that MS03-032 did not fully patch the Object Data vulnerability,
but a revised version has been released for several weeks now. It is called
MS03-040, was released October 3 and it does indeed patch this vulnerability
completely.
http://www.microsoft.com/technet/security/bulletin/ms03-040.asp
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://pivx.com/larholm/ - Get our research, join our mailinglist
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_incidents_031015
----------------------------------------------------------------------------
Received on Oct 19 2003
Intro
