Re: More information on ZERT patch for ANI 0day

les ;-) Jason Frisvold wrote: On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <[EMAIL PROTECTED]> wrote: the community need that they are reacting to. Gadi and the crew work hard and have my respect for their efforts. Agreed. Previous patches worked as advertised with no adverse si

Re: More information on ZERT patch for ANI 0day

Hardly. Don't remember that last Zero day in 2006 do you? http://www.eweek.com/article2/0,1895,2019162,00.asp The Zert folks have coded up zero day patches before (VML and WMF anyone?) and are folks actively out in the community. While I'm not ready yet to install third party patches on syste

Re: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0

With all due respect. the "90 days fix it or else" on a mobile platform is being optimistic don't you think when I'm still struggling getting a cab file update on all of my mobile phones for the time change issue. Quite frankly a denial of service on IE on a phone will get me yelled at ..

Re: SAP Security Contact

[EMAIL PROTECTED] goes to the police/traffic department at a certain northwest USA software company. [EMAIL PROTECTED] is the proper alias for security bugs. :-) Nick Boyce wrote: On 1/7/07, Nicob <[EMAIL PROTECTED]> wrote: [EMAIL PROTECTED] is the only standardized security contact (as defi

Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)

Opinions are still... just that... opinions. However Mr. Litchfield is in the category of expert that would be deemed an "expert witness" in a court of law. His CV is impeccable, his factual research has much merit, his reputation in this area is unparalleled. On the factual evidence of pub

Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)]

"A" patch ..not "The" patch. There's a difference.. third party patches makes me unsupported. This too has to be weighed when deciding risk factors. Gadi Evron wrote: On Mon, 25 Sep 2006, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: Jesper's Blo

Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)]

Jesper's Blog : More options on protecting against recent IE vulnerabilities on a domain: http://msinfluentials.com/blogs/jesper/archive/2006/09/22/More-options-on-protecting-against-the-VML-vulnerability-on-a-domain.aspx I like that option better. Leaves me supported and honestly I've not see

Re: Microsoft confirmed Word 0-day vulnerability

Better workaround is to upgrade. If you see any attacks/web sites hosting files, please note the locations and notify [EMAIL PROTECTED] Juha-Matti Laurio wrote: This zero-day vulnerability and related attacks has been confirmed by Microsoft today. This issue affects to Word version 2000. It

Re: TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability

There's still an unpatched DOS for the server service as blogged on the MSRC blog: Also - an additional point of clarification - its important to distinguish that while MS06-040 addresses a vulnerability in the Server Servi

Re: Latest MS patches kill wireless networking?

http://support.microsoft.com/default.aspx?scid=kb;en-us;904942 And he also patched things in the "optional" section and not high priority.as that patch is only offerred up in the "middle" section. Did you also download driver patches in that bundle? I only patch in the upper section. (S