Re: [Full-Disclosure] MS02-065 vulnerability

From: Paul Szabo (pszat_private)
Date: Sat Nov 23 2002 - 01:34:38 PST


    HggdH <hggdhat_private> wrote:
    > . From: "Paul Szabo" <pszat_private>
    > . [[ MS02-065 is ] Just as exploitable after the patch. ]
    > 
    > Quoting: "What steps could I follow to prevent the control from being
    > silently re-introduced onto my system? The simplest way is to make sure you
    > have no trusted publishers, including Microsoft."
    
    The work-arounds suggested by Microsoft probably work. They might even
    "come clean" and suggest disabling ActiveX, or even go as far as to ask
    users to "get off" IE (and use Netscape or Mozilla or whatever), or to
    upgrade to Linux.
    
    The fact remains that installing the patch does not protect the (IE) user.
    
    > . Is this what Microsoft calls "responsible disclosure"?
    > 
    > The real interesting part, for me, is that the trust on the trusting
    > mechanism has been shattered. Finally.
    
    Agreed.
    
    Cheers,
    
    Paul Szabo - pszat_private  http://www.maths.usyd.edu.au:8000/u/psz/
    School of Mathematics and Statistics  University of Sydney   2006  Australia
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    


