funsec mailing list archives

RE: MS Update coming today

From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 5 Jan 2006 15:48:54 -0500

I just got it on Windows Update on one of my boxes

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Matthew Murphy
Sent: Thursday, January 05, 2006 3:34 PM
To: funsec () linuxbox org
Subject: Re: [funsec] MS Update coming today

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

According to my MSRC source, the patch has hit WU now.  The bulletin is up
as we speak:

http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

My tests indicate the updates are up as well:

Windows 2000 SP4
http://www.microsoft.com/downloads/details.aspx?familyid=AA9E27BD-CB9A-4EF1-
92A3-00FFE7B2AC74

Windows XP SP1/SP2
http://www.microsoft.com/downloads/details.aspx?familyid=0C1B4C96-57AE-499E-
B89B-215B7BB4D8E9

Windows XP x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=3A1166E6-5E9E-4E73-
BCD4-28ECA6ECE877

Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=1584AAE0-51CE-47D6-
9A03-DB5B9077F1F2

Windows Server 2003 for Itanium
http://www.microsoft.com/downloads/details.aspx?FamilyId=6E372D41-2C16-415E-
8306-A5CA8845CC09

Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=A8F4DCBA-5D28-4D9D-
A6A4-3B71108CFE2D

There is *NO PATCH* for Windows 98, Windows 98 SE, or Windows Me at this
time.

A quick study of the bulletin reveals this from the FAQ:

"Specifically, the change introduced to address this vulnerability removes
the support for the SETABORTPROC record type from the META_ESCAPE record in
a WMF image. This update does not remove support for ABORTPROC functions
registered by application SetAbortProc() API calls."

So, IOW, it's the same functionality as in Ilfak's patch, minus the hook.

- --
"Social Darwinism: Try to make something idiot-proof, nature will provide
you with a better idiot."

                                -- Michael Holstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDvYLVfp4vUrVETTgRA8cjAJ9N2FN8EqfY5gxj2AXnB8mphR1wRACgitGS
ADPT0SfacaZokDWz4xwy6Ec=
=AdPQ
-----END PGP SIGNATURE-----


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: mal blogs use, take #2, (continued)
- Re: mal blogs use, take #2 Roland Dobbins (Jan 05)
  - Re: mal blogs use, take #2 Gadi Evron (Jan 05)
    - MS Update coming today Larry Seltzer (Jan 05)
    - Re: MS Update coming today Matthew Murphy (Jan 05)
    - Re: MS Update coming today Jeff Kell (Jan 05)
    - Re[2]: MS Update coming today Pierre Vandevenne (Jan 05)
    - Re: MS Update coming today Gadi Evron (Jan 05)
    - MS Update Has Arrived Larry Seltzer (Jan 05)
    - RE: MS Update coming today Larry Seltzer (Jan 05)
    - Re: MS Update coming today Matthew Murphy (Jan 05)
    - RE: MS Update coming today Larry Seltzer (Jan 05)
    - RE: MS Update coming today Barrie Dempster (Jan 05)
    - RE: MS Update coming today Randy Abrams (Jan 06)
    - Re: MS Update coming today Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 05)
    - Re[2]: MS Update coming today Pierre Vandevenne (Jan 05)
    - RE: MS Update coming today Gary Funck (Jan 05)
    - Re: MS Update coming today H D Moore (Jan 05)
- RE: mal blogs use, take #2 Todd Towles (Jan 05)
  - Re: mal blogs use, take #2 Gadi Evron (Jan 05)
- RE: mal blogs use, take #2 Todd Towles (Jan 05)