|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dshield] Proxy attackers/hijackers
From: Thor Larholm (lists.netsys.com
jscript.dk)
Date: Sat Oct 18 2003 - 00:06:53 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> From: "Thomas Willner" <thomaswillnerelitetraderz.com>
> It has been reported that the official Microsoft patch for this
> vulnerability is not 100% effective in blocking exploitation. At this
> time, there is no fully working solution except disabling ActiveX
> controls and also disabling Active Scripting in IE.
Your reports are almost a month old by now.
> Some links that may be of use in determining your exposure to this
> vulnerability:
>
> Technical Bulletin:
> http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
It may be true that MS03-032 did not fully patch the Object Data vulnerability,
but a revised version has been released for several weeks now. It is called
MS03-040, was released October 3 and it does indeed patch this vulnerability
completely.
http://www.microsoft.com/technet/security/bulletin/ms03-040.asp
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://pivx.com/larholm/ - Get our research, join our mailinglist
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_incidents_031015
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]