Dailydave mailing list archives

Today's patches.


From: Dave Aitel <dave () immunityinc com>
Date: Tue, 09 Jan 2007 15:03:19 -0500

*Another catch from the honeymonkeys?  Interesting that 3 out of 4 had
public exploits available. Also interesting that Outlook is the new
punching bag. Since everyone uses Outlook, and Outlook parses
HTML...it's really every part of Office that people have to move off
of to avoid the Office Security Nightmare.*

I like how MS italicized "originally" in the text below. Does someone
own the MSRC? (Someone clumsy, I mean. Obviously lots of people own
the MSRC but they shouldn't be getting caught.)

Are honeymonkeys more cost-effective as a protection than code auditing?

*-dave*

http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx
"""

*When this security bulletin was issued, had this vulnerability been
publicly disclosed?*
No. Microsoft /originally/ received information about this
vulnerability through responsible disclosure.

*When this security bulletin was issued, had Microsoft received any
reports that this vulnerability was being exploited?*
Yes. When the security bulletin was released, Microsoft had received
information that this vulnerability was being exploited.

*Does applying this security update help protect customers from the
code that has been published publicly that attempts to exploit this
vulnerability?*
Yes. This security update addresses the vulnerability that is
currently being exploited. The vulnerability that has been addressed
has been assigned the Common Vulnerability and Exposure number
CVE-2007-0024.
"""

