funsec mailing list archives
RE: MS Update coming today
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 5 Jan 2006 15:48:54 -0500
I just got it on Windows Update on one of my boxes Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer Contributing Editor, PC Magazine larryseltzer () ziffdavis com -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Matthew Murphy Sent: Thursday, January 05, 2006 3:34 PM To: funsec () linuxbox org Subject: Re: [funsec] MS Update coming today -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 According to my MSRC source, the patch has hit WU now. The bulletin is up as we speak: http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx My tests indicate the updates are up as well: Windows 2000 SP4 http://www.microsoft.com/downloads/details.aspx?familyid=AA9E27BD-CB9A-4EF1- 92A3-00FFE7B2AC74 Windows XP SP1/SP2 http://www.microsoft.com/downloads/details.aspx?familyid=0C1B4C96-57AE-499E- B89B-215B7BB4D8E9 Windows XP x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=3A1166E6-5E9E-4E73- BCD4-28ECA6ECE877 Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=1584AAE0-51CE-47D6- 9A03-DB5B9077F1F2 Windows Server 2003 for Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=6E372D41-2C16-415E- 8306-A5CA8845CC09 Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=A8F4DCBA-5D28-4D9D- A6A4-3B71108CFE2D There is *NO PATCH* for Windows 98, Windows 98 SE, or Windows Me at this time. A quick study of the bulletin reveals this from the FAQ: "Specifically, the change introduced to address this vulnerability removes the support for the SETABORTPROC record type from the META_ESCAPE record in a WMF image. This update does not remove support for ABORTPROC functions registered by application SetAbortProc() API calls." So, IOW, it's the same functionality as in Ilfak's patch, minus the hook. - -- "Social Darwinism: Try to make something idiot-proof, nature will provide you with a better idiot." -- Michael Holstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iD8DBQFDvYLVfp4vUrVETTgRA8cjAJ9N2FN8EqfY5gxj2AXnB8mphR1wRACgitGS ADPT0SfacaZokDWz4xwy6Ec= =AdPQ -----END PGP SIGNATURE----- _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: mal blogs use, take #2, (continued)
- Re: mal blogs use, take #2 Roland Dobbins (Jan 05)
- Re: mal blogs use, take #2 Gadi Evron (Jan 05)
- MS Update coming today Larry Seltzer (Jan 05)
- Re: MS Update coming today Matthew Murphy (Jan 05)
- Re: MS Update coming today Jeff Kell (Jan 05)
- Re[2]: MS Update coming today Pierre Vandevenne (Jan 05)
- Re: MS Update coming today Gadi Evron (Jan 05)
- Re: mal blogs use, take #2 Gadi Evron (Jan 05)
- MS Update Has Arrived Larry Seltzer (Jan 05)
- Re: mal blogs use, take #2 Roland Dobbins (Jan 05)
- RE: MS Update coming today Larry Seltzer (Jan 05)
- Re: MS Update coming today Matthew Murphy (Jan 05)
- RE: MS Update coming today Larry Seltzer (Jan 05)
- RE: MS Update coming today Barrie Dempster (Jan 05)
- RE: MS Update coming today Randy Abrams (Jan 06)
- Re: MS Update coming today Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 05)
- Re[2]: MS Update coming today Pierre Vandevenne (Jan 05)
- RE: MS Update coming today Gary Funck (Jan 05)
- Re: MS Update coming today H D Moore (Jan 05)
- Re: mal blogs use, take #2 Gadi Evron (Jan 05)