BugTraq
Back to list
|
Post reply
What Win2k SP4 doesn't fix (security), but says it does...
Jul 08 2003 01:46PM
m_a_s2mp yahoo com
In my testing these security bulleints aren't fixed in Win2k SP4,
but are documented that they are at this link:
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/news/w2kSP4.asp
1. MS02-053. It fixes the FPSE 2000 vulnerability, but
not FPSE 2002.
2. MS03-019. It updates the vulnerable files in only 1
location, not both locations where niislog.dll is stored
(\inetpub\scripts and \winnt\system32\windows
media\server).
3. MS02-032. It fixes WMP 6.4, but only updates 2 of the
5 vulnerable files in WMP 7.1.
4. MS03-014. It fixes the vulnerability for OE 5.5, but not
OE 6.0 SP1.
One that did get fixed, but is not documented in the
link, is MS01-022 (as of this post).
Anyone else find these in their testing?
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
In my testing these security bulleints aren't fixed in Win2k SP4,
but are documented that they are at this link:
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/news/w2kSP4.asp
1. MS02-053. It fixes the FPSE 2000 vulnerability, but
not FPSE 2002.
2. MS03-019. It updates the vulnerable files in only 1
location, not both locations where niislog.dll is stored
(\inetpub\scripts and \winnt\system32\windows
media\server).
3. MS02-032. It fixes WMP 6.4, but only updates 2 of the
5 vulnerable files in WMP 7.1.
4. MS03-014. It fixes the vulnerability for OE 5.5, but not
OE 6.0 SP1.
One that did get fixed, but is not documented in the
link, is MS01-022 (as of this post).
Anyone else find these in their testing?
[ reply ]