Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > focus-ms > 02 > 110115.html (Request Expert securityfocus.com Support)

RE: Question: Buffer Overrun in Microsoft Data Access Components Coul d Lead to Code Execution (Q329414)

From: Fraser Hugh <hugh_fraser(at)dofasco.ca>
Date: Thu Nov 28 2002 - 10:37:41 EST


I have the same concerns with the message contained in the security bulletin. When I read between the lines, it seems to me that the "more permanent" solution referred to will be the one Microsoft already has in their back pocket... upgrade to 2.7. It is possible to prevent users from adding entries to the trusted publishers list, but when combined with removing Microsoft from the Trusted Publishers, it results in an unacceptable browser configuration for us.

We are, therefore, focusing our resources on a 2.7 upgrade for our systems.

I'd like to hear from others about their reaction/solution to the bulletin. While Microsoft categorizes the vulnerability as critical, our representative was surprised we were calling for any info about it. Apparently we were the only ones.

> -----Original Message-----
> From: Harris, Ken [mailto:KHarris@HIPUSA.com]
Received on Thu Nov 28 17:20:42 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:25 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library