Re-release of Microsoft Security Bulletin MS99-042

From: Aleph One (aleph1at_private)
Date: Thu Nov 04 1999 - 15:18:30 PST

Next message: ah1at_private: "RealNetworks RealServer G2 buffer overflow - WORKAROUND (fwd)"

Previous message: Alberto Soliño: "Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an unattended
mailbox.
                    ********************************

On October 15, 1999, Microsoft released Security Bulletin MS99-042, which
discussed the availability of a patch that eliminates the "IFRAME
ExecCommand" vulnerability in Microsoft(r) Internet Explorer 4.01 and 5.0.
However, we subsequently determined that the patch contained a regression
error.  While the patch did provide protection against the "IFRAME
ExecCommand" vulnerability, it re-exposed a previously-patched security
vulnerability.  We have corrected the regression error and re-released the
patch.

We have updated the security bulletin and FAQ, and it is available at
http://www.microsoft.com/security/bulletins/ms99-042.asp.  The updated
bulletin contains information on the vulnerability, the regression error,
and the updated patch.  Please note that the regression error only affected
the IE 5.0 version of the patch; the patch for IE 4.01 was unaffected, and
customers who applied it do not need to take any action.

We apologize for any inconvenience caused by this incident, and are working
to improve our process in order to prevent similar incidents in the future.
Regards,

The Microsoft Security Response Team

   *******************************************************************
You have received  this e-mail bulletin as a result  of your registration
to  the   Microsoft  Product  Security  Notification   Service.  You  may
unsubscribe from this e-mail notification  service at any time by sending
an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUESTat_private
The subject line and message body are not used in processing the request,
and can be anything you like.

For  more  information on  the  Microsoft  Security Notification  Service
please visit http://www.microsoft.com/security/services/bulletin.asp. For
security-related information  about Microsoft products, please  visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.

Next message: ah1at_private: "RealNetworks RealServer G2 buffer overflow - WORKAROUND (fwd)"
Previous message: Alberto Soliño: "Re: WFTPD v2.40 FTPServer remotely exploitable buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:44 PDT