Full Disclosure mailing list archives

Re: MS03-032 Patch Updated or NOT ?

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 10 Sep 2003 14:23:29 +1200

Elv1S <elvi52001 () yahoo com> wrote:

on MS website, the security bulletin MS03-032 was updated on sept 8 :

V1.3 (September 8, 2003): Added information regarding reports that the
patch provided does not properly correct the Object Type Vulnerability
(CAN-2002-0532) 

But after applying the patch, rebooting - and making a test on k-otik :
 
http://www.k-otik.com/MS03-032-TEST/
http://www.k-otik.com/MS03-032-TEST2/
 
i'm still vulnerable !!!
 
So updated or not ??


Not.

Had you read a little more carefully you may have noted the third paragraph of the updated bulletin, which reads, in 
its entirety:

   Microsoft is investigating these reports and will re-issue this
   bulletin with an updated patch that corrects these problems.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

MS03-032 Patch Updated or NOT ? Elv1S (Sep 09)
- RE: MS03-032 Patch Updated or NOT ? Richard M. Smith (Sep 09)
- Re: MS03-032 Patch Updated or NOT ? Nick FitzGerald (Sep 09)
- Re: MS03-032 Patch Updated or NOT ? Thor Larholm (Sep 09)