Re: [SLUG] another MS security flaw ("image" that)

From: Chad Perrin (perrin@apotheon.com)
Date: Wed Sep 15 2004 - 11:49:30 EDT

Next message: Bryan J. Smith: "[SLUG] Re: OT: M$ deals the final blow"
Previous message: Jeff: "Re: [SLUG] OT: M$ deals the final blow"
In reply to: Robert Snyder: "Re: [SLUG] another MS security flaw ("image" that)"
Next in thread: Tyler Vann-Campbell: "Re: [SLUG] Gmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Robert Snyder wrote:
> On Tue, 14 Sep 2004 21:41:49 -0400, Pete S. <linux@myraandpete.net> wrote:
>
>>For those that get a kick out of MS flaws. This allows a remote
>>attacker to take over a system... when the user views a jpg.
>>
>>"This update resolves a newly-discovered, privately reported
>>vulnerability. A buffer overrun
>><http://go.microsoft.com/fwlink/?LinkId=21142> vulnerability exists in
>>the processing of JPEG image formats that could allow remote code
>>execution on an affected system. The vulnerability is documented in this
>>bulletin in its own section.
>>
>>If a user is logged on with administrator privileges, an attacker who
>>successfully exploited this vulnerability could take complete control of
>>an affected system, including installing programs; viewing, changing, or
>>deleting data; or creating new accounts with full privileges. Users
>>whose accounts are configured to have fewer privileges on the system
>>would be at less risk than users who operate with administrative
>>privileges."
>>
>>http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
>
>
>
> Not an issue if you have sp2 installed according to microsoft
>

It's not an issue if you switch to Linux or BSD, either.

Of course, installing SP2 for XP (or SP3 for 2k, which they also claim
solves this problem) to fix this security hole is like poking a nine
inch radius hole in the hull of your boat so that you'll have a disk of
material large enough to patch an eight inch hole in some other part of
the hull of your boat. When forced to use Windows, I use security
measures that actually WORK without introducing new security issues.
Such measures generally involve installing non-MS software, such as
Firefox instead of Internet Explorer and Thunderbird instead of Outlook
Express.
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.

Next message: Bryan J. Smith: "[SLUG] Re: OT: M$ deals the final blow"
Previous message: Jeff: "Re: [SLUG] OT: M$ deals the final blow"
In reply to: Robert Snyder: "Re: [SLUG] another MS security flaw ("image" that)"
Next in thread: Tyler Vann-Campbell: "Re: [SLUG] Gmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:42:41 EDT