funsec mailing list archives
Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch
From: "Fergie" <fergdawg () netzero net>
Date: Tue, 3 Jan 2006 21:15:40 GMT
Not sure I like how this story is worded. I mean, I realize that MS won't exactly endorse it, but WTF... Via eWeek. [snip] Microsoft Corp. has slapped a 'buyer beware' tag on a third-party patch for the zero-day Windows Metafile flaw and promised that its own properly tested update will almost certainly ship Jan. 10. The company's latest guidance comes days after an unofficial hotfix from reverse-engineering guru Ilfak Guilfanov got rare blessings from experts at the SANS ISC (Internet Storm Center) and anti-virus vendor F-Secure Corp. Guilfanov, author of the IDA (Interactive Disassembler Pro), released an executable that revokes the "SETABORT" escape sequence that is the crux of the problem. The hotfix was tested and approved for use by many security experts, but Microsoft says it cannot vouch for the quality of the fix. [snip] http://www.eweek.com/article2/0,1759,1907562,00.asp - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch Fergie (Jan 03)
- Re: Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch Barrie Dempster (Jan 03)
- Re: Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch Pierre Vandevenne (Jan 03)
- RE: Microsoft trying to put F.U.D. on Guilfanov 'temporary'patch Randy Abrams (Jan 06)
- Re: Microsoft trying to put F.U.D. on Guilfanov 'temporary'patch Gadi Evron (Jan 06)
- RE: Microsoft trying to put F.U.D. on Guilfanov 'temporary'patch Randy Abrams (Jan 06)
- <Possible follow-ups>
- RE: Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch Blanchard, Michael (InfoSec) (Jan 03)
- Re: Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch Florian Weimer (Jan 03)