Microsoft Security Advisory (922437): Exploit Code Published Affectingthe Server Service ( KB917537 )

Microsoft Security Advisory (922437)
http://www.microsoft.com/technet/sec...ry/922437.mspx

> Microsoft is aware that detailed exploit code has been published on the
> Internet for the vulnerability that is addressed by Microsoft security
> bulletin MS06-040. Microsoft has verified the published exploit code to
> work on Windows 2000 and Windows XP Service Pack 1 only; this code does
> not affect Windows XP Service Pack 2, Windows Server 2003, or Windows
> Server 2003 Service Pack 1. At this time our investigation of this exploit
> code has verified that it does not affect customers who have installed the
> update detailed in MS06-040.

The Microsoft Security Response Center Blog reports :
http://blogs.technet.com/msrc/archiv...11/446078.aspx

> This morning we released Security Advisory 922437 because we're aware of
> exploit code that has been published on the Internet for the vulnerability
> that is addressed by Microsoft security bulletin MS06-040. We've verified
> that this exploit code can allow remote code to execute on Windows 2000
> and Windows XP Service Pack 1 only. In its current state, this code
> does not affect Windows XP Service Pack 2, Windows Server 2003, or Windows
Server
> 2003 Service Pack 1. Also, we've verified that this exploit code does not
> affect customers who have installed the MS06-040 update on their systems.


Direct download links to the update are in the MS06-040 Security
Bulletin under the " Tested Software and Security Update Download Locations
Affected Software: " heading -

http://www.microsoft.com/technet/sec.../MS06-040.mspx


MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============

I knew that this would 'bite' MS in the end someday. I've constantly 'sent
reports' to MS thru the years about their software NOT checking return codes
when allocating buffers in software.

I've sent reports over and over since Windows 95. Windows is fraught with
these problems throughout many of the DLLs, and as Windows' is getting
bigger, so are the problems ... and hackers know it.

I don;t understand where their heads are at when developing new software and
not verifying simple return codes and error checking.

"MowGreen [MVP]" <> wrote in message
news:...
> Microsoft Security Advisory (922437)
> http://www.microsoft.com/technet/sec...ry/922437.mspx
>
>> Microsoft is aware that detailed exploit code has been published on the
>> Internet for the vulnerability that is addressed by Microsoft security
>> bulletin MS06-040. Microsoft has verified the published exploit code to
>> work on Windows 2000 and Windows XP Service Pack 1 only; this code does
>> not affect Windows XP Service Pack 2, Windows Server 2003, or Windows
>> Server 2003 Service Pack 1. At this time our investigation of this
>> exploit code has verified that it does not affect customers who have
>> installed the update detailed in MS06-040.
>
> The Microsoft Security Response Center Blog reports :
> http://blogs.technet.com/msrc/archiv...11/446078.aspx
>
>> This morning we released Security Advisory 922437 because we're aware of
>> exploit code that has been published on the Internet for the
>> vulnerability that is addressed by Microsoft security bulletin MS06-040.
>> We've verified that this exploit code can allow remote code to execute on
>> Windows 2000 and Windows XP Service Pack 1 only. In its current state,
>> this code does not affect Windows XP Service Pack 2, Windows Server 2003,
>> or Windows
> Server
>> 2003 Service Pack 1. Also, we've verified that this exploit code does not
>> affect customers who have installed the MS06-040 update on their systems.
>
>
> Direct download links to the update are in the MS06-040 Security Bulletin
> under the " Tested Software and Security Update Download Locations
> Affected Software: " heading -
>
> http://www.microsoft.com/technet/sec.../MS06-040.mspx
>
>
> MowGreen [MVP 2003-2006]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
>