Microsoft Security Advisory (943521)

  • Thread starter Thread starter Donna Buenaventura \(MVP\)
  • Start date Start date
D

Donna Buenaventura \(MVP\)

Microsoft Security Advisory (943521)
URL Handling Vulnerability in Windows XP and Windows Server 2003 with
Windows Internet Explorer 7 Could Allow Remote Code Execution
Published: October 10, 2007

Microsoft is investigating public reports of a remote code execution
vulnerability in supported editions of Windows XP and Windows Server 2003
with Windows Internet Explorer 7 installed. We are not aware of attacks that
try to use the reported vulnerability or of customer impact at this time.
Microsoft is investigating the public reports.

This vulnerability does not affect Windows Vista or any supported editions
of Windows where Internet Explorer 7 is not installed.

More info at http://www.microsoft.com/technet/security/advisory/943521.mspx

Regards,

Donna Buenaventura
Microsoft MVP - Windows Security 2004/2007
Calendar of Updates: http://cou.dozleng.com
 
Donna Buenaventura (MVP) said:
Microsoft Security Advisory (943521)
URL Handling Vulnerability in Windows XP and Windows Server 2003 with
Windows Internet Explorer 7 Could Allow Remote Code Execution
Published: October 10, 2007

Microsoft is investigating public reports of a remote code execution
vulnerability in supported editions of Windows XP and Windows Server 2003
with Windows Internet Explorer 7 installed. We are not aware of attacks that
try to use the reported vulnerability or of customer impact at this time.
Microsoft is investigating the public reports.

This vulnerability does not affect Windows Vista or any supported editions
of Windows where Internet Explorer 7 is not installed.

More info at http://www.microsoft.com/technet/security/advisory/943521.mspx

More "more info" with some background infos added at
http://blogs.technet.com/msrc/archi...d-background-on-security-advisory-943521.aspx

Bye,
Freu"I hate when they do this"di
 
Why you're posting this useless message here?
This vulnerability does not affect Windows Vista.
 
943521 is a security advisory, and such this is a security homeuser section
which covers every Windows Operating System from windows 3.+ to Windows 2008
rc if a home user is using it and I`ve known few.

It`s just a general advisory for eveyone - as per specific XP Sp2 users .
 
Milo (MSPSS) said:
943521 is a security advisory, and such this is a security homeuser section
which covers every Windows Operating System from windows 3.+ to Windows 2008
rc

YOU WRONG!
This vulnerability does not affect Windows Vista.
Most of MVP are very ignorant!
 
YOU WRONG!
This vulnerability does not affect Windows Vista.
Most of MVP are very ignorant!

Milo is not an MVP, he apparently works as a vendor of Microsoft's Product
Support Services.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
K: A term used in employment ads to disguise how much they are really
willing
to pay.
 
"YOU WRONG" ...no speekee Engleeezh veery well ?

....Just WHERE in the NG title does it say Vista ? ...you ignorant little
s**t !
 
"YOU'RE WRONG," ...you ignorant little s**t !

Most of the MVP's are polite and helpful, less than a handful are ignorant,
.....and that's not usually ignorance, it's more a case of they, "don't
suffer fools lightly."
 
It was cross-posted to a Vista newsgroup ;-)

| "YOU WRONG" ...no speekee Engleeezh veery well ?
|
| ...Just WHERE in the NG title does it say Vista ? ...you ignorant little
| s**t !
|
|
|
| | >
| >
| > "Milo (MSPSS)" wrote:
| >
| >> 943521 is a security advisory, and such this is a security homeuser
| >> section
| >> which covers every Windows Operating System from windows 3.+ to Windows
| >> 2008
| >> rc
| >
| > YOU WRONG!
| > This vulnerability does not affect Windows Vista.
| > Most of MVP are very ignorant!
|
|
 
It is being posted to the Microsoft.public.windows.vista.security group as
well. Check your headers before calling someone ignorant.
 
Donna said:
Microsoft Security Advisory (943521)
URL Handling Vulnerability in Windows XP and Windows Server 2003
with Windows Internet Explorer 7 Could Allow Remote Code Execution
Published: October 10, 2007

Microsoft is investigating public reports of a remote code execution
vulnerability in supported editions of Windows XP and Windows
Server 2003 with Windows Internet Explorer 7 installed. We are not
aware of attacks that try to use the reported vulnerability or of
customer impact at this time. Microsoft is investigating the public
reports.

This vulnerability does not affect Windows Vista or any supported
editions of Windows where Internet Explorer 7 is not installed.

More info at
http://www.microsoft.com/technet/security/advisory/943521.mspx
Why you're posting this useless message here?
This vulnerability does not affect Windows Vista.
943521 is a security advisory, and such this is a security homeuser
section which covers every Windows Operating System from windows
3.+ to Windows 2008 rc if a home user is using it and I`ve known
few.

It`s just a general advisory for eveyone - as per specific XP Sp2
users .
YOU WRONG!
This vulnerability does not affect Windows Vista.
Most of MVP are very ignorant!

mikk,

If you feel that the original posting should not have been in a specific
group (one of the many it was cross-posted to) it would be particularly
helpful if you had done one of two possible things:

1) Listed the group to which the message likely should not have been
crossposted into in the body of your message (with the reasoning behind the
lack of need to post it there.)

2) Only responded within the group where the message likely should not have
been crossposted into - that way if you did not use the first method to
clarify your meaning - it would have been obvious which group you were
referring to, and anyone arguing with you in the single-group posted part of
this conversation would have had to re-crosspost the thread you started or
argue about it in the single group you felt wronged in.

For example, if you had posted (crossposted or not) the following, it would
be difficult to argue with:

The original message was posted to:

- microsoft.public.internetexplorer.security
- microsoft.public.officeupdate
- microsoft.public.security.virus
- microsoft.public.windowsupdate
- microsoft.public.security.homeusers
- microsoft.public.windows.vista.security

It was about:

Microsoft Security Advisory: Vulnerability in Windows XP
and Windows Server 2003 URL handling could allow remote
code execution
http://support.microsoft.com/kb/943521

Which, if you follow up and go to the further information on it found here:
http://www.microsoft.com/technet/security/advisory/943521.mspx
(Which was posted in the original posting as well...)

You will see clearly this part of the notification:
"This vulnerability does not affect Windows Vista or any supported editions
of Windows where Internet Explorer 7 is not installed."

Given that - one could argue (quite effectively) that it was not necessary
to post the notification given in the original post to the following groups
from the original list of those crossposted to:

- microsoft.public.officeupdate
- microsoft.public.windows.vista.security

However - as it *may* be important to the people in said newsgroups as well
as those in the obviously relevant newsgroups, it didn't hurt to put them
there too. Chances are those running Vista likely have a Windows XP or
Windows 2003 machine (with Internet Explorer 7 installed) or know someone
who does and those who use Microsoft Office likely have some Microsoft
operating system, one of which may be WIndows 2003 or Windows XP (with
Internet Explorer 7 installed.)


One further note/question for mikk...

I notice that in your replies, you crossposted to all the original locations
excluding:
- microsoft.public.internetexplorer.security
Is there a particular reason for this, or was it perhaps an oversight on
your part?

(Yes - I added it back to this crossposted reply.)
 
mikk said:
Why you're posting this useless message here?
This vulnerability does not affect Windows Vista.

What useless message???????????????

Have you replied in the correct thread.
 
mikk said:
Why you're posting this useless message here?
This vulnerability does not affect Windows Vista.
This is not a Vista only newsgroup, thus it is no useless to a great
many of us. If you want vista only why don subscribe to that group?

--
Rick
Fargo, ND
N 46°53.251"
W 096°48.279"

Remember the USS Liberty

http://www.ussliberty.org/
 
On the point it doesnt affect Vista you are right, but I would like to ask
you not to be rude
as you indicated

Why you're posting this useless message here?
This vulnerability does not affect Windows Vista.

Cool down dude...
 
MiLO, do you still have an official employment relationship with MS PSS
(Product Support Services)? I ask because I'm not aware of any MS MVP who
also works for Microsoft or who includes MSPSS in their newsgroup signature.
 
MiLO, do you still have an official employment relationship with MS PSS
(Product Support Services)? I ask because I'm not aware of any MS MVP who
also works for Microsoft or who includes MSPSS in their newsgroup signature.

You don't understand what a "v-" account means. Milo does not have a direct
employment relationship with Microsoft. I was a "v-" for 12 some odd years
and was still able to be an MVP. Only FTEs of Microsoft have to give up
their MVP status. A v- is a vendor who has an account on Microsoft's
network. Not even close to being an employee.
 
Back
Top