MS Windows and Office CRITICAL UPDATE Security Bulletin MS02-050 -- New 9-5-02

[Sunner]

Originally posted by: nord1899
Question: Is this for IE or would Mozilla be affected by it?

Nope, Mozilla is not affected.
Opera and Konqueror were affected as well, though Opera released 6.05 a few days later, and the KDE team released a patch to their CVS 5 hours after this was first posten on Bugtraq, and released KDE 3.0.3 which corrected it a little less than a week later.
This isn't exactly new, if I remember correctly, this flaw was first published on Bugtraq about a month ago, Microsoft just didn't respond to it.

 

[rh71]

WIN2k version has become available. But give me another 3 minutes before y'all steal all the bandwidth (it's slow).

 

[rh71]

Assuming I understand the vulnerability... any systems administrators here think that installing this patch ON (web)SERVERS and such would not be necessary? We don't browse via the servers anyway. These servers have SSL themselves though.

 

[Moonbeam]

Got notified of a big IE6 update too.

 

[DanFungus]

ok, good, at least it's been released

 

[Harvey]

Originally posted by: DanFungus
ok, good, at least it's been released

... Or it escaped.

 

[PG]

Neither this patch nor IE6 SP1 show up on windowsupdate for me.
Releasing patches and making them easy to find for the masses are two different things.

 

[Harvey]

Escape path for Win 2K update.

 

[Jgtdragon]

Downloaded and installed the patch.

 

[Moonbeam]

got notification, 98SE, of another cirtical update this morning.

 

[Lunarcade]

Originally posted by: rh71
Assuming I understand the vulnerability... any systems administrators here think that installing this patch ON (web)SERVERS and such would not be necessary? We don't browse via the servers anyway. These servers have SSL themselves though.

I can't think of a single good reason to leave any security hole open...

 

[cmdavid]

faster server for win2k update... got dled 7MB in 45sec