Full Disclosure mailing list archives

Re: Microsoft April Security Bulletin Webcast BS


From: Steve Friedl <steve () unixwiz net>
Date: Wed, 13 Apr 2005 19:58:13 -0700

On Wed, Apr 13, 2005 at 02:24:17PM -0400, Micheal Espinola Jr wrote:
> Wow... so, I'm listening to the webcast while doing my work today. I just
> heard him (the male presenter) say (three times now) that because some of
> the vulnerabilities have *not been publicly disclosed* that they are *not
> publicly exploitable*.
> *OMFG*

No, that's not what he said.

After a couple of hours of dicking around with the lousy MS Events
website, I finally got to listen to the webcast to hear it for
myself. What he said was that they *have not been* publicly exploited,
which is to say: there aren't any known public exploits in the wild.

Christopher's words match the titling on the slides:

        Publicly Disclosed: No
        Publicly Exploited: No

I suppose there's an implied "yet" after all of these.

Those who care to verify this more carefully than the original poster
can do so for themselves from the Microsoft website:

        http://go.microsoft.com/fwlink/?LinkId=43750

(if you care to wrestle with the registration system) and find
his very words at:

        MS05-016: slide 13, timestamp  6:50
        MS05-017: slide 15, timestamp  8:40
        MS05-018: slide 18, timestamp 11:10
        MS05-019: slide 20, timestamp 12:55 *1
        MS05-022: slide 32, timestamp 23:40

*1 = publicly disclosed, but not publicly exploited

Steve

--- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve () unixwiz net