Re: Another Zero-Day Windows Exploit

Home	Messages Index

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]

Author Index	Date Index	Thread Index

Re: Another Zero-Day Windows Exploit

Subject: Re: Another Zero-Day Windows Exploit
From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
Date: Sat, 07 Oct 2006 16:36:36 +0100
Newsgroups: comp.os.linux.advocacy
Organization: schestowitz.com / ISBE, Manchester University / ITS / Netscape / MCC
References: <1196430.6eEi7FUsUA@schestowitz.com> <1tic4v676amwh.dlg@funkenbusch.com> <j7gkv3-0e5.ln1@dog.did.it> <1tvl9ko40i4n3$.dlg@funkenbusch.com> <1160234120.453847.313430@i3g2000cwc.googlegroups.com>
Reply-to: newsgroups@xxxxxxxxxxxxxxx
User-agent: KNode/0.7.2

__/ [ Rex Ballard ] on Saturday 07 October 2006 16:15 \__

> Erik Funkenbusch wrote:
>> On Sat, 7 Oct 2006 13:38:59 +0200, Roy Culley wrote:
>>
>> > begin  risky.vbs
>> > <1tic4v676amwh.dlg@xxxxxxxxxxxxxxx>,
>> > Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> writes:
>> >>> http://hackersblog.itproportal.com/?p=352
>> >>
>> >> I dunno, i went to the test page, and clicked the button, and it
>> >> didn't crash my browser.  I'm running IE7 RC1.  The only thing that
>> >> happened was it asked me to run an unsafe ActiveX control, which i
>> >> didn't do.
>> >
>> > http://secunia.com/advisories/22159/
>> >
>> >     Successful exploitation allows execution of arbitrary code.
>> >
>> >     NOTE: Exploit code is publicly available.
>> >
>> >     The vulnerability is confirmed on a fully patched system with
>> >     Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions
>> >     may also be affected.
>>
>> But apparently not IE7.  Just goes to show that Microsoft is reducing the
>> risks with IE7.
> 
> Yep.  Another PERFECT example of Microsoft's "strategic" management of
> fixes, desgined to force-feed us new products designed to displace
> competitor products.
> 
> Strategy here:
>     FireFox is getting huge market share, up to 30% by some estimates.
>     IE6 can't compete
>     Force everybody to upgrade to IE7 by NOT fixing the bug in IE6
>     Then make all comparisons between IE7 and FireFox.
> 
> Or maybe just put little changes to critical libraries used by IE7 that
> make FireFox a little "buggy" (after all, it still has to call some of
> Microsoft's library routines).
> 
> But of course we have to wait a while.

Internet Explorer 7 will be delivered as a "high priority" security update
(yes, to XP users who already have Firefox). The antitrust folks need to
wake up. The 'update' system is being misused; instead, it's used as a
marketing tool which hurts rivals. As Vista will fail to sell, it's
potentially more anti-competitive than the bundling of IE in /subsequent/
versions of Windows in order to combat Netscape.

Best wishes,

Roy

-- 
Roy S. Schestowitz      | Linux: stop maintenance; get more actual work done
http://Schestowitz.com  | Free as in Free Beer ¦  PGP-Key: 0x74572E8E
Load average (/proc/loadavg): 1.01 1.04 1.02 1/149 1604
      http://iuron.com - semantic search engine project initiative

References:
- [News] Another Zero-Day Windows Exploit
  - From: Roy Schestowitz
- Re: [News] Another Zero-Day Windows Exploit
  - From: Roy Culley

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]

Author Index	Date Index	Thread Index