
MS04-040 Released

Started by iago, December 01, 2004, 02:56 PM


iago

The patch for the dreaded "IFrame Vulnerability" was FINALLY released.  It took Microsoft 29 days to release a patch for arbitrary code execution in their browser that had available exploit code from about 27 days ago.  That was absolutely ridiculous.

http://secunia.com/advisories/12959/
This'll make an interesting test for broken AV:
Quote
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Yoni

According to link, XP SP2 already fixed it. So maybe half or more (correct me if I'm way off) of the patch's "target audience" was already patched.

iago

Quote from: Yoni on December 01, 2004, 06:30 PM
According to link, XP SP2 already fixed it. So maybe half or more (correct me if I'm way off) of the patch's "target audience" was already patched.

Windows 2k3 and Windows 2000 were still vulnerable.  And there are still a lot of corporations who haven't gotten approval to move to SP2 yet (because of all the incompatibility issues we know it's going to cause)


MyndFyre

Quote from: iago on December 01, 2004, 07:59 PM
Quote from: Yoni on December 01, 2004, 06:30 PM
According to link, XP SP2 already fixed it. So maybe half or more (correct me if I'm way off) of the patch's "target audience" was already patched.

Windows 2k3 and Windows 2000 were still vulnerable.  And there are still a lot of corporations who haven't gotten approval to move to SP2 yet (because of all the incompatibility issues we know it's going to cause)

I recently upgraded my development partition of XP to SP2.  I haven't had any compatibility issues, despite my fear of them.
Quote
Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

iago

Quote from: MyndFyre on December 01, 2004, 08:24 PM
Quote from: iago on December 01, 2004, 07:59 PM
Quote from: Yoni on December 01, 2004, 06:30 PM
According to link, XP SP2 already fixed it. So maybe half or more (correct me if I'm way off) of the patch's "target audience" was already patched.

Windows 2k3 and Windows 2000 were still vulnerable.  And there are still a lot of corporations who haven't gotten approval to move to SP2 yet (because of all the incompatibility issues we know it's going to cause)

I recently upgraded my development partition of XP to SP2. I haven't had any compatibility issues, despite my fear of them.

We're definitely going to have them.  We have some crappy software being used.  We're just hoping it won't go TOO badly.


Yoni

Quote from: iago on December 01, 2004, 07:59 PM
Windows 2k3 and Windows 2000 were still vulnerable.

Actually,

Quote
NOTE: The vulnerability does not affect systems running Windows XP with SP2 installed nor Windows Server 2003.

But yes @ Win2k. And yes, I know lots of people didn't install it yet. I just threw a guess (based on absolutely nothing) that half of Windows users use XP SP2. Any based statistics?

iago

Well, the only statistics that I've seen are from Microsoft, "Over xxxx billion people have installed it!", but that doesn't really mean anything.

The odd part is that they fixed the problem in SP2, yet it took them a month to fix it on other platforms.  It's confusing, like, did they manage to lose the bug that caused it or something? :/


Skywing

Quote from: iago on December 02, 2004, 07:28 AM
well, the only statistics that I've seen are from Microsoft, "Over xxxx billion people have installed it!", but that doesn't really mean anything.

The odd part is that they fixed the problem in SP2, yet it took them a month to fix it on other platforms.  It's confusing, like, did they manage to lose the bug that caused it or something? :/
The fix has to be backported to the older source tree and then there's a huge regression test matrix they have to run everything through to make sure it doesn't break stuff.  But I'm not sure why it took them 27 days to do that when they've done other things much faster.

Adron

Perhaps it broke something at first?

Your MSN icon requires auth, Skywing?

Skywing