Microsoft Security Advisory (943521)

  • Thread starter Donna Buenaventura \(MVP\)
  • Start date
D

Donna Buenaventura \(MVP\)

Microsoft Security Advisory (943521)
URL Handling Vulnerability in Windows XP and Windows Server 2003 with
Windows Internet Explorer 7 Could Allow Remote Code Execution
Published: October 10, 2007

Microsoft is investigating public reports of a remote code execution
vulnerability in supported editions of Windows XP and Windows Server 2003
with Windows Internet Explorer 7 installed. We are not aware of attacks that
try to use the reported vulnerability or of customer impact at this time.
Microsoft is investigating the public reports.

This vulnerability does not affect Windows Vista or any supported editions
of Windows where Internet Explorer 7 is not installed.

More info at http://www.microsoft.com/technet/security/advisory/943521.mspx

Regards,

Donna Buenaventura
Microsoft MVP - Windows Security 2004/2007
Calendar of Updates: http://cou.dozleng.com
 
O

Ottmar Freudenberger

"Donna Buenaventura (MVP)" <dbuenaventura@mvps.org> schrieb:

> Microsoft Security Advisory (943521)
> URL Handling Vulnerability in Windows XP and Windows Server 2003 with
> Windows Internet Explorer 7 Could Allow Remote Code Execution
> Published: October 10, 2007
>
> Microsoft is investigating public reports of a remote code execution
> vulnerability in supported editions of Windows XP and Windows Server 2003
> with Windows Internet Explorer 7 installed. We are not aware of attacks that
> try to use the reported vulnerability or of customer impact at this time.
> Microsoft is investigating the public reports.
>
> This vulnerability does not affect Windows Vista or any supported editions
> of Windows where Internet Explorer 7 is not installed.
>
> More info at http://www.microsoft.com/technet/security/advisory/943521.mspx

More "more info" with some background infos added at
http://blogs.technet.com/msrc/archi...d-background-on-security-advisory-943521.aspx

Bye,
Freu"I hate when they do this"di
 
M

mikk

This vulnerability does not affect Windows Vista

Why you're posting this useless message here?
This vulnerability does not affect Windows Vista.
 
M

Milo \(MSPSS\)

Re: This vulnerability does not affect Windows Vista

943521 is a security advisory, and such this is a security homeuser section
which covers every Windows Operating System from windows 3.+ to Windows 2008
rc if a home user is using it and I`ve known few.

It`s just a general advisory for eveyone - as per specific XP Sp2 users .

"mikk" <mikk@discussions.microsoft.com> wrote in message
news:F92D3B35-D454-45BB-9F49-E812DB1009AB@microsoft.com...
> Why you're posting this useless message here?
> This vulnerability does not affect Windows Vista.
 
M

Milo \(MSPSS\)

Re: This vulnerability does not affect Windows Vista

And add to such Windows Using IE7 if you may specific to XP and Windows
2003

"mikk" <mikk@discussions.microsoft.com> wrote in message
news:F92D3B35-D454-45BB-9F49-E812DB1009AB@microsoft.com...
> Why you're posting this useless message here?
> This vulnerability does not affect Windows Vista.
 
M

mikk

Re: This vulnerability does not affect Windows Vista

"Milo (MSPSS)" wrote:

> 943521 is a security advisory, and such this is a security homeuser section
> which covers every Windows Operating System from windows 3.+ to Windows 2008
> rc

YOU WRONG!
This vulnerability does not affect Windows Vista.
Most of MVP are very ignorant!
 
P

Paul Adare

Re: This vulnerability does not affect Windows Vista

On Thu, 11 Oct 2007 05:16:00 -0700, mikk wrote:

> "Milo (MSPSS)" wrote:
>
>> 943521 is a security advisory, and such this is a security homeuser section
>> which covers every Windows Operating System from windows 3.+ to Windows 2008
>> rc
>
> YOU WRONG!
> This vulnerability does not affect Windows Vista.
> Most of MVP are very ignorant!

Milo is not an MVP, he apparently works as a vendor of Microsoft's Product
Support Services.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
K: A term used in employment ads to disguise how much they are really
willing
to pay.
 
R

RJK

Re: This vulnerability does not affect Windows Vista

"YOU WRONG" ...no speekee Engleeezh veery well ?

....Just WHERE in the NG title does it say Vista ? ...you ignorant little
s**t !



"mikk" <mikk@discussions.microsoft.com> wrote in message
news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com...
>
>
> "Milo (MSPSS)" wrote:
>
>> 943521 is a security advisory, and such this is a security homeuser
>> section
>> which covers every Windows Operating System from windows 3.+ to Windows
>> 2008
>> rc
>
> YOU WRONG!
> This vulnerability does not affect Windows Vista.
> Most of MVP are very ignorant!
 
R

RJK

Re: This vulnerability does not affect Windows Vista

"YOU'RE WRONG," ...you ignorant little s**t !

Most of the MVP's are polite and helpful, less than a handful are ignorant,
.....and that's not usually ignorance, it's more a case of they, "don't
suffer fools lightly."


"mikk" <mikk@discussions.microsoft.com> wrote in message
news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com...
>
>
> "Milo (MSPSS)" wrote:
>
>> 943521 is a security advisory, and such this is a security homeuser
>> section
>> which covers every Windows Operating System from windows 3.+ to Windows
>> 2008
>> rc
>
> YOU WRONG!
> This vulnerability does not affect Windows Vista.
> Most of MVP are very ignorant!
 
T

Tom [Pepper] Willett

Re: This vulnerability does not affect Windows Vista

It was cross-posted to a Vista newsgroup -)

"RJK" <notatospam@hotmail.com> wrote in message
news:eVbFAtADIHA.3332@TK2MSFTNGP04.phx.gbl...
| "YOU WRONG" ...no speekee Engleeezh veery well ?
|
| ...Just WHERE in the NG title does it say Vista ? ...you ignorant little
| s**t !
|
|
|
| "mikk" <mikk@discussions.microsoft.com> wrote in message
| news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com...
| >
| >
| > "Milo (MSPSS)" wrote:
| >
| >> 943521 is a security advisory, and such this is a security homeuser
| >> section
| >> which covers every Windows Operating System from windows 3.+ to Windows
| >> 2008
| >> rc
| >
| > YOU WRONG!
| > This vulnerability does not affect Windows Vista.
| > Most of MVP are very ignorant!
|
|
 
N

Nick Simpson

Re: This vulnerability does not affect Windows Vista

It is being posted to the Microsoft.public.windows.vista.security group as
well. Check your headers before calling someone ignorant.

"RJK" <notatospam@hotmail.com> wrote in message
news:eVbFAtADIHA.3332@TK2MSFTNGP04.phx.gbl...
> "YOU WRONG" ...no speekee Engleeezh veery well ?
>
> ...Just WHERE in the NG title does it say Vista ? ...you ignorant little
> s**t !
>
>
>
> "mikk" <mikk@discussions.microsoft.com> wrote in message
> news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com...
>>
>>
>> "Milo (MSPSS)" wrote:
>>
>>> 943521 is a security advisory, and such this is a security homeuser
>>> section
>>> which covers every Windows Operating System from windows 3.+ to Windows
>>> 2008
>>> rc
>>
>> YOU WRONG!
>> This vulnerability does not affect Windows Vista.
>> Most of MVP are very ignorant!
>
>
 
S

Shenan Stanley

Re: This vulnerability does not affect Windows Vista

Donna Buenaventura (MVP) wrote:
> Microsoft Security Advisory (943521)
> URL Handling Vulnerability in Windows XP and Windows Server 2003
> with Windows Internet Explorer 7 Could Allow Remote Code Execution
> Published: October 10, 2007
>
> Microsoft is investigating public reports of a remote code execution
> vulnerability in supported editions of Windows XP and Windows
> Server 2003 with Windows Internet Explorer 7 installed. We are not
> aware of attacks that try to use the reported vulnerability or of
> customer impact at this time. Microsoft is investigating the public
> reports.
>
> This vulnerability does not affect Windows Vista or any supported
> editions of Windows where Internet Explorer 7 is not installed.
>
> More info at
> http://www.microsoft.com/technet/security/advisory/943521.mspx

mikk wrote:
> Why you're posting this useless message here?
> This vulnerability does not affect Windows Vista.

Milo (MSPSS) wrote:
> 943521 is a security advisory, and such this is a security homeuser
> section which covers every Windows Operating System from windows
> 3.+ to Windows 2008 rc if a home user is using it and I`ve known
> few.
>
> It`s just a general advisory for eveyone - as per specific XP Sp2
> users .

mikk wrote:
> YOU WRONG!
> This vulnerability does not affect Windows Vista.
> Most of MVP are very ignorant!

mikk,

If you feel that the original posting should not have been in a specific
group (one of the many it was cross-posted to) it would be particularly
helpful if you had done one of two possible things:

1) Listed the group to which the message likely should not have been
crossposted into in the body of your message (with the reasoning behind the
lack of need to post it there.)

2) Only responded within the group where the message likely should not have
been crossposted into - that way if you did not use the first method to
clarify your meaning - it would have been obvious which group you were
referring to, and anyone arguing with you in the single-group posted part of
this conversation would have had to re-crosspost the thread you started or
argue about it in the single group you felt wronged in.

For example, if you had posted (crossposted or not) the following, it would
be difficult to argue with:

The original message was posted to:

- microsoft.public.internetexplorer.security
- microsoft.public.officeupdate
- microsoft.public.security.virus
- microsoft.public.windowsupdate
- microsoft.public.security.homeusers
- microsoft.public.windows.vista.security

It was about:

Microsoft Security Advisory: Vulnerability in Windows XP
and Windows Server 2003 URL handling could allow remote
code execution
http://support.microsoft.com/kb/943521

Which, if you follow up and go to the further information on it found here:
http://www.microsoft.com/technet/security/advisory/943521.mspx
(Which was posted in the original posting as well...)

You will see clearly this part of the notification:
"This vulnerability does not affect Windows Vista or any supported editions
of Windows where Internet Explorer 7 is not installed."

Given that - one could argue (quite effectively) that it was not necessary
to post the notification given in the original post to the following groups
from the original list of those crossposted to:

- microsoft.public.officeupdate
- microsoft.public.windows.vista.security

However - as it *may* be important to the people in said newsgroups as well
as those in the obviously relevant newsgroups, it didn't hurt to put them
there too. Chances are those running Vista likely have a Windows XP or
Windows 2003 machine (with Internet Explorer 7 installed) or know someone
who does and those who use Microsoft Office likely have some Microsoft
operating system, one of which may be WIndows 2003 or Windows XP (with
Internet Explorer 7 installed.)


One further note/question for mikk...

I notice that in your replies, you crossposted to all the original locations
excluding:
- microsoft.public.internetexplorer.security
Is there a particular reason for this, or was it perhaps an oversight on
your part?

(Yes - I added it back to this crossposted reply.)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
A

Antioch

Re: This vulnerability does not affect Windows Vista

"mikk" <mikk@discussions.microsoft.com> wrote in message
news:F92D3B35-D454-45BB-9F49-E812DB1009AB@microsoft.com...
> Why you're posting this useless message here?
> This vulnerability does not affect Windows Vista.

What useless message???????????????

Have you replied in the correct thread.
 
R

Rick

Re: This vulnerability does not affect Windows Vista

mikk wrote:
> Why you're posting this useless message here?
> This vulnerability does not affect Windows Vista.
This is not a Vista only newsgroup, thus it is no useless to a great
many of us. If you want vista only why don subscribe to that group?

--
Rick
Fargo, ND
N 46°53.251"
W 096°48.279"

Remember the USS Liberty

http://www.ussliberty.org/
 
R

RJK

Re: This vulnerability does not affect Windows Vista

I did notice that but, couldn't resist "having a go" :)

regards, Richard


"Tom [Pepper] Willett" <tom@youreadaisyifyoudo.com> wrote in message
news:uLM7izADIHA.4752@TK2MSFTNGP04.phx.gbl...
> It was cross-posted to a Vista newsgroup -)
>
> "RJK" <notatospam@hotmail.com> wrote in message
> news:eVbFAtADIHA.3332@TK2MSFTNGP04.phx.gbl...
> | "YOU WRONG" ...no speekee Engleeezh veery well ?
> |
> | ...Just WHERE in the NG title does it say Vista ? ...you ignorant little
> | s**t !
> |
> |
> |
> | "mikk" <mikk@discussions.microsoft.com> wrote in message
> | news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com...
> | >
> | >
> | > "Milo (MSPSS)" wrote:
> | >
> | >> 943521 is a security advisory, and such this is a security homeuser
> | >> section
> | >> which covers every Windows Operating System from windows 3.+ to
> Windows
> | >> 2008
> | >> rc
> | >
> | > YOU WRONG!
> | > This vulnerability does not affect Windows Vista.
> | > Most of MVP are very ignorant!
> |
> |
>
>
 
M

Milo \(MSPSS\)

Re: This vulnerability does not affect Windows Vista

On the point it doesnt affect Vista you are right, but I would like to ask
you not to be rude
as you indicated

Why you're posting this useless message here?
This vulnerability does not affect Windows Vista.

Cool down dude...

"mikk" <mikk@discussions.microsoft.com> wrote in message
news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com...
>
>
> "Milo (MSPSS)" wrote:
>
>> 943521 is a security advisory, and such this is a security homeuser
>> section
>> which covers every Windows Operating System from windows 3.+ to Windows
>> 2008
>> rc
>
> YOU WRONG!
> This vulnerability does not affect Windows Vista.
> Most of MVP are very ignorant!
 
M

Milo \(MSPSS\)

Re: This vulnerability does not affect Windows Vista

Sad to say I am MVP for Security as well and mock upon ignorant whew...
awesome

https://mvp.support.microsoft.com/profile/Pacamarra


"Paul Adare" <pkadare@gmail.com> wrote in message
news:t7e7gobfbblb.1dnxpgh7g0jpa.dlg@40tude.net...
> On Thu, 11 Oct 2007 05:16:00 -0700, mikk wrote:
>
>> "Milo (MSPSS)" wrote:
>>
>>> 943521 is a security advisory, and such this is a security homeuser
>>> section
>>> which covers every Windows Operating System from windows 3.+ to Windows
>>> 2008
>>> rc
>>
>> YOU WRONG!
>> This vulnerability does not affect Windows Vista.
>> Most of MVP are very ignorant!
>
> Milo is not an MVP, he apparently works as a vendor of Microsoft's Product
> Support Services.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> K: A term used in employment ads to disguise how much they are really
> willing
> to pay.
 
T

Tom [Pepper] Willett

Re: This vulnerability does not affect Windows Vista

Milo...
Thanks for sharing that with us.

Tom
"Milo (MSPSS)" <V-4jpaca@mssupport.microsoft.com> wrote in message
news:6B8FE018-C4AC-4756-B957-E27C3DCB989B@microsoft.com...
| Sad to say I am MVP for Security as well |
| https://mvp.support.microsoft.com/profile/Pacamarra
|
|
 
P

PA Bear

Re: This vulnerability does not affect Windows Vista

MiLO, do you still have an official employment relationship with MS PSS
(Product Support Services)? I ask because I'm not aware of any MS MVP who
also works for Microsoft or who includes MSPSS in their newsgroup signature.
--
~PA Bear

Milo (MSPSS) wrote:
> Sad to say I am MVP for Security as well and mock upon ignorant whew...
> awesome
>
> https://mvp.support.microsoft.com/profile/Pacamarra
>
>
> "Paul Adare" <pkadare@gmail.com> wrote in message
> news:t7e7gobfbblb.1dnxpgh7g0jpa.dlg@40tude.net...
>> On Thu, 11 Oct 2007 05:16:00 -0700, mikk wrote:
>>
>>> "Milo (MSPSS)" wrote:
>>>
>>>> 943521 is a security advisory, and such this is a security homeuser
>>>> section
>>>> which covers every Windows Operating System from windows 3.+ to Windows
>>>> 2008
>>>> rc
>>>
>>> YOU WRONG!
>>> This vulnerability does not affect Windows Vista.
>>> Most of MVP are very ignorant!
>>
>> Milo is not an MVP, he apparently works as a vendor of Microsoft's
>> Product
>> Support Services.
>>
>> --
>> Paul Adare
>> MVP - Virtual Machines
>> http://www.identit.ca
>> K: A term used in employment ads to disguise how much they are really
>> willing
>> to pay.
 
P

Paul Adare

Re: This vulnerability does not affect Windows Vista

On Thu, 11 Oct 2007 20:03:03 -0400, PA Bear wrote:

> MiLO, do you still have an official employment relationship with MS PSS
> (Product Support Services)? I ask because I'm not aware of any MS MVP who
> also works for Microsoft or who includes MSPSS in their newsgroup signature.

You don't understand what a "v-" account means. Milo does not have a direct
employment relationship with Microsoft. I was a "v-" for 12 some odd years
and was still able to be an MVP. Only FTEs of Microsoft have to give up
their MVP status. A v- is a vendor who has an account on Microsoft's
network. Not even close to being an employee.
--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Compatible: Gracefully accepts erroneous data from any source.
 
You must log in or register to reply here.

Similar threads

F
Recent microsoft security updates have blocked remote user access to our server.
Replies
0
Views
27
Frustrated with updates-101
F
F
Recent microsoft security updates have blocked remote user access to our server.
Replies
0
Views
25
Frustrated with updates-101
F
N
Ignite 2022: What's new in Windows Server Azure Edition
Replies
0
Views
69
Ned Pyle
N
S
  • Article
Windows 365 at three years: Customer-centric solutions for security, management and productivity
Replies
0
Views
40
Scott Manchester
S
J
  • Article
Reflecting on 20 years of Windows Patch Tuesday
Replies
0
Views
64
John Cable, Vice President, Program Management
J
Back
Top Bottom