WARNING! Flawed Microsoft Patch
Results 1 to 5 of 5

Thread: WARNING! Flawed Microsoft Patch

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002

    Exclamation WARNING! Flawed Microsoft Patch

    It seems that the patch for Microsoft Security Bulletin MS03-032 may be flawed.

    Customers of mine who have applied the patch are still getting hit with Backdoor.Coreflood.dr which exploits the vulnerability described in MS03-032.

    Here is an article regarding the fact that the patch itself may be flawed:

    See this article: Microsoft IE security patch thrown in doubt

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Tony: Since the variant you reference is transmitted via an infectewd web page why does your client keep going to this page????

    I dunno.... It just seems silly to me.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Its not one customer or one web page. It is a variety of people visiting a variety of sites.

    I have seen information on various lists that there are a number of web sites that seem to have been hacked and contain this malicious code.

    Besides- whether or not my customers are morons isn't the point. The point is that these machines had the patch applied and should be protected from the MS03-032 vulnerability and yet still the exploit worked.

  4. #4
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002

    Cool Microsoft stands by IE security patch

    Microsoft has made their official statement regarding the allegedly flawed MS03-032 patch. It is sort of public relations double-speak worthy of a politician campaigning for office.

    Basically- they claim that the patch does in fact fix the flaws it was intended to fix. They further claim that these machines that have the MS03-032 patch and were nonetheless affected by some exploit are actually the result of a NEW vulnerability or "variation" on the vulnerabilities reported in MS03-032.

    They are investigating and 'upon completion of our investigation we will take appropriate action to protect our customers.'

    To me, this translates to "we blatantly missed fixing a facet of the vulnerability and rather than admit that we are going to claim that it is actually an entirely different vulnerability". But, I could be wrong.

    Here is an article from PCPro: Microsoft stands by IE security patch

  5. #5
    Senior Member
    Join Date
    Mar 2002
    Microsoft isn't Linux. It makes mistakes

    On a more serious note, I will be following this article closely. The vulnerability could be in effect simply because as soon as the patch was first issued the creators of the exploit altered to code to make the process immune from the issued patch. It happens.

    Nice post though, tony.

    -{[ Joe ]}- (Joe@nitesecurity.com)

    [shadow]I\'m Just A Soldier In This War Against Ignorance.[/shadow]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts