RE: [Full-Disclosure] Microsoft Windows XP SP2
Confirmed icon vulnerability as working on SP1 and SP2. I found that regedit.exe, winhelp.exe, and explorer.exe are also vulnerable and display their corresponding icon. I am unsure as to how useful this is as a vulnerability, but it shouldn't be present none the less. Michael Young IT Consultant Miles Technologies (856)439-0999 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, August 19, 2004 11:35 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Microsoft Windows XP SP2 Let's commence by giving credit where credit is due. The thinking is that the manufacturer of Windows XP has done a splendid job in patching their little operating system with 300 million dollar's worth of fixes. This is not exactly 'pocket change'. But this is: 1. trivial scripting in the local zone 2. notepad icon regardless of file in XP's little zip thing http://www.malware.com/malware.sp2.zip many other 'bits and pieces' to be had but overall a splendid effort on the manufacturer's part [for now]. Not quite sure where all that money went though. End Call -- http://www.malware.com ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Microsoft Windows XP SP2
I believe the $300 million figure being quoted has the "marketing" of SP2 in there. They want to get the word out globally to get patched and are supposed to do a lot to help out the folks in areas that can't get it off the NET. Also I believe they are supposed to pull the current retail boxed copies of XPs in stores and replace with XP2 versions. Also many security pros have petitioned Microsoft to release SP2 CDs like AOL CDs - have them for free in computer stores and magazines, etc. Whether that will happen or not remains to be seen. But MS is pretty adamant about trying to get as many machines patched as possible. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, August 19, 2004 11:35 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Microsoft Windows XP SP2 Let's commence by giving credit where credit is due. The thinking is that the manufacturer of Windows XP has done a splendid job in patching their little operating system with 300 million dollar's worth of fixes. This is not exactly 'pocket change'. But this is: 1. trivial scripting in the local zone 2. notepad icon regardless of file in XP's little zip thing http://www.malware.com/malware.sp2.zip many other 'bits and pieces' to be had but overall a splendid effort on the manufacturer's part [for now]. Not quite sure where all that money went though. End Call -- http://www.malware.com ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] Microsoft Windows XP SP2
I personally think that Microsoft should turn the "hiding of file types" off by default. We all turn it off and it doesn't help basic users learn file types. They go by the icons and therefore the icon issue is a better security threat. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Young Sent: Thursday, August 19, 2004 2:23 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Microsoft Windows XP SP2 Confirmed icon vulnerability as working on SP1 and SP2. I found that regedit.exe, winhelp.exe, and explorer.exe are also vulnerable and display their corresponding icon. I am unsure as to how useful this is as a vulnerability, but it shouldn't be present none the less. Michael Young IT Consultant Miles Technologies (856)439-0999 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, August 19, 2004 11:35 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Microsoft Windows XP SP2 Let's commence by giving credit where credit is due. The thinking is that the manufacturer of Windows XP has done a splendid job in patching their little operating system with 300 million dollar's worth of fixes. This is not exactly 'pocket change'. But this is: 1. trivial scripting in the local zone 2. notepad icon regardless of file in XP's little zip thing http://www.malware.com/malware.sp2.zip many other 'bits and pieces' to be had but overall a splendid effort on the manufacturer's part [for now]. Not quite sure where all that money went though. End Call -- http://www.malware.com ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html