|
|
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Australia. --------------------------------------------------------------
|
Microsoft patches flawed, security company claims By Patrick Gray, 0 November 26, 2002 URL: http://www.zdnet.com.au/news/security/soa/Microsoft-patches-flawed-security-company-claims/0,130061744,120270209,00.htm
Two security patches recently released by Microsoft do not completely work, according to IT security company Secunia. In an advisory released last Friday, Secunia have raised doubts over patches accompanying Microsoft Security Bulletins MS02-065 and MS02-066. The Secunia advisory says that the patch to MS02-065 "...allows an old component to be reactivated - without any warning, thus the vulnerability may still be exploited." Referring to MS02-066, the Secunia advisory says that the patch was supposed to fix a vulnerability that "...allowed malicious websites to execute executable files in the local security zone". However according to the Secunia advisory "...what has been closed is another vulnerability, which made it possible to pass arguments to the executable file. It is also still possible to read contents of the clipboard as well as writing new contents to it". The advisory also makes mention of the fact that "Microsoft has known about these vulnerabilities at least since 22nd October 2002". Secunia also say that it is "...likely that these vulnerabilities will be exploited on a broad scale soon". Secunia expect Microsoft to release a revised bulletin. Microsoft were unable to comment at the time of writing.
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved. |
