Microsoft Security Advisory (943521)

Discussion in 'Windows Vista Security' started by Donna Buenaventura (MVP), Oct 11, 2007.

  1. Microsoft Security Advisory (943521)
    URL Handling Vulnerability in Windows XP and Windows Server 2003 with
    Windows Internet Explorer 7 Could Allow Remote Code Execution
    Published: October 10, 2007

    Microsoft is investigating public reports of a remote code execution
    vulnerability in supported editions of Windows XP and Windows Server 2003
    with Windows Internet Explorer 7 installed. We are not aware of attacks that
    try to use the reported vulnerability or of customer impact at this time.
    Microsoft is investigating the public reports.

    This vulnerability does not affect Windows Vista or any supported editions
    of Windows where Internet Explorer 7 is not installed.

    More info at http://www.microsoft.com/technet/security/advisory/943521.mspx

    Regards,

    Donna Buenaventura
    Microsoft MVP - Windows Security 2004/2007
    Calendar of Updates: http://cou.dozleng.com
     
    Donna Buenaventura (MVP), Oct 11, 2007
    #1

  2. More "more info" with some background infos added at
    http://blogs.technet.com/msrc/archi...d-background-on-security-advisory-943521.aspx

    Bye,
    Freu"I hate when they do this"di
     
    Ottmar Freudenberger, Oct 11, 2007
    #2

  3. Donna Buenaventura (MVP)

    mikk Guest

    Why you're posting this useless message here?
    This vulnerability does not affect Windows Vista.
     
    mikk, Oct 11, 2007
    #3
  4. 943521 is a security advisory, and such this is a security homeuser section
    which covers every Windows Operating System from windows 3.+ to Windows 2008
    rc if a home user is using it and I've known few.

    It's just a general advisory for everyone - as per specific XP Sp2 users .
     
    Milo (MSPSS), Oct 11, 2007
    #4
  5. And add to such Windows Using IE7 if you may specific to XP and Windows
    2003
     
    Milo (MSPSS), Oct 11, 2007
    #5
  6. Donna Buenaventura (MVP)

    mikk Guest

    YOU WRONG!
    This vulnerability does not affect Windows Vista.
    Most of MVP are very ignorant!
     
    mikk, Oct 11, 2007
    #6
  7. Donna Buenaventura (MVP)

    Paul Adare Guest

    Milo is not an MVP, he apparently works as a vendor of Microsoft's Product
    Support Services.

    --
    Paul Adare
    MVP - Virtual Machines
    http://www.identit.ca
    K: A term used in employment ads to disguise how much they are really
    willing to pay.
     
    Paul Adare, Oct 11, 2007
    #7
  8. Donna Buenaventura (MVP)

    RJK Guest

    "YOU WRONG" ...no speekee Engleeezh veery well ?

    ....Just WHERE in the NG title does it say Vista ? ...you ignorant little
    s**t !
     
    RJK, Oct 11, 2007
    #8
  9. Donna Buenaventura (MVP)

    RJK Guest

    "YOU'RE WRONG," ...you ignorant little s**t !

    Most of the MVP's are polite and helpful, less than a handful are ignorant,
    .....and that's not usually ignorance, it's more a case of they, "don't
    suffer fools lightly."
     
    RJK, Oct 11, 2007
    #9
  10. It was cross-posted to a Vista newsgroup ;-)

    | "YOU WRONG" ...no speekee Engleeezh veery well ?
    |
    | ...Just WHERE in the NG title does it say Vista ? ...you ignorant little
    | s**t !
    |
    |
    |
    | | >
    | >
    | > "Milo (MSPSS)" wrote:
    | >
    | >> 943521 is a security advisory, and such this is a security homeuser
    | >> section
    | >> which covers every Windows Operating System from windows 3.+ to Windows
    | >> 2008
    | >> rc
    | >
    | > YOU WRONG!
    | > This vulnerability does not affect Windows Vista.
    | > Most of MVP are very ignorant!
    |
    |
     
    Tom [Pepper] Willett, Oct 11, 2007
    #10
  11. Donna Buenaventura (MVP)

    Nick Simpson Guest

    It is being posted to the Microsoft.public.windows.vista.security group as
    well. Check your headers before calling someone ignorant.
     
    Nick Simpson, Oct 11, 2007
    #11
  12. mikk,

    If you feel that the original posting should not have been in a specific
    group (one of the many it was cross-posted to) it would be particularly
    helpful if you had done one of two possible things:

    1) Listed the group to which the message likely should not have been
    crossposted into in the body of your message (with the reasoning behind the
    lack of need to post it there.)

    2) Only responded within the group where the message likely should not have
    been crossposted into - that way if you did not use the first method to
    clarify your meaning - it would have been obvious which group you were
    referring to, and anyone arguing with you in the single-group posted part of
    this conversation would have had to re-crosspost the thread you started or
    argue about it in the single group you felt wronged in.

    For example, if you had posted (crossposted or not) the following, it would
    be difficult to argue with:

    The original message was posted to:

    - microsoft.public.internetexplorer.security
    - microsoft.public.officeupdate
    - microsoft.public.security.virus
    - microsoft.public.windowsupdate
    - microsoft.public.security.homeusers
    - microsoft.public.windows.vista.security

    It was about:

    Microsoft Security Advisory: Vulnerability in Windows XP
    and Windows Server 2003 URL handling could allow remote
    code execution
    http://support.microsoft.com/kb/943521

    Which, if you follow up and go to the further information on it found here:
    http://www.microsoft.com/technet/security/advisory/943521.mspx
    (Which was posted in the original posting as well...)

    You will see clearly this part of the notification:
    "This vulnerability does not affect Windows Vista or any supported editions
    of Windows where Internet Explorer 7 is not installed."

    Given that - one could argue (quite effectively) that it was not necessary
    to post the notification given in the original post to the following groups
    from the original list of those crossposted to:

    - microsoft.public.officeupdate
    - microsoft.public.windows.vista.security

    However - as it *may* be important to the people in said newsgroups as well
    as those in the obviously relevant newsgroups, it didn't hurt to put them
    there too. Chances are those running Vista likely have a Windows XP or
    Windows 2003 machine (with Internet Explorer 7 installed) or know someone
    who does and those who use Microsoft Office likely have some Microsoft
    operating system, one of which may be Windows 2003 or Windows XP (with
    Internet Explorer 7 installed.)


    One further note/question for mikk...

    I notice that in your replies, you crossposted to all the original locations
    excluding:
    - microsoft.public.internetexplorer.security
    Is there a particular reason for this, or was it perhaps an oversight on
    your part?

    (Yes - I added it back to this crossposted reply.)
     
    Shenan Stanley, Oct 11, 2007
    #12
  13. Donna Buenaventura (MVP)

    Antioch Guest

    What useless message???????????????

    Have you replied in the correct thread?
     
    Antioch, Oct 11, 2007
    #13
  14. Donna Buenaventura (MVP)

    Rick Guest

    This is not a Vista only newsgroup, thus it is not useless to a great
    many of us. If you want vista only why don't you subscribe to that group?

    --
    Rick
    Fargo, ND
    N 46°53.251"
    W 096°48.279"

    Remember the USS Liberty

    http://www.ussliberty.org/
     
    Rick, Oct 11, 2007
    #14
  15. Donna Buenaventura (MVP)

    RJK Guest

    I did notice that but, couldn't resist "having a go" :)

    regards, Richard
     
    RJK, Oct 11, 2007
    #15
  16. On the point it doesn't affect Vista you are right, but I would like to ask
    you not to be rude
    as you indicated

    Why you're posting this useless message here?
    This vulnerability does not affect Windows Vista.

    Cool down dude...
     
    Milo (MSPSS), Oct 11, 2007
    #16
  17. Milo (MSPSS), Oct 11, 2007
    #17
  18. Tom [Pepper] Willett, Oct 11, 2007
    #18
  19. Donna Buenaventura (MVP)

    PA Bear Guest

    MiLO, do you still have an official employment relationship with MS PSS
    (Product Support Services)? I ask because I'm not aware of any MS MVP who
    also works for Microsoft or who includes MSPSS in their newsgroup signature.
     
    PA Bear, Oct 12, 2007
    #19
  20. Donna Buenaventura (MVP)

    Paul Adare Guest

    You don't understand what a "v-" account means. Milo does not have a direct
    employment relationship with Microsoft. I was a "v-" for 12 some odd years
    and was still able to be an MVP. Only FTEs of Microsoft have to give up
    their MVP status. A v- is a vendor who has an account on Microsoft's
    network. Not even close to being an employee.
     
    Paul Adare, Oct 12, 2007
    #20