Guest Donna Buenaventura \(MVP\) Posted October 11, 2007 Posted October 11, 2007 Microsoft Security Advisory (943521) URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution Published: October 10, 2007 Microsoft is investigating public reports of a remote code execution vulnerability in supported editions of Windows XP and Windows Server 2003 with Windows Internet Explorer 7 installed. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is investigating the public reports. This vulnerability does not affect Windows Vista or any supported editions of Windows where Internet Explorer 7 is not installed. More info at http://www.microsoft.com/technet/security/advisory/943521.mspx Regards, Donna Buenaventura Microsoft MVP - Windows Security 2004/2007 Calendar of Updates: http://cou.dozleng.com
Guest Ottmar Freudenberger Posted October 11, 2007 Posted October 11, 2007 "Donna Buenaventura (MVP)" <dbuenaventura@mvps.org> schrieb: > Microsoft Security Advisory (943521) > URL Handling Vulnerability in Windows XP and Windows Server 2003 with > Windows Internet Explorer 7 Could Allow Remote Code Execution > Published: October 10, 2007 > > Microsoft is investigating public reports of a remote code execution > vulnerability in supported editions of Windows XP and Windows Server 2003 > with Windows Internet Explorer 7 installed. We are not aware of attacks that > try to use the reported vulnerability or of customer impact at this time. > Microsoft is investigating the public reports. > > This vulnerability does not affect Windows Vista or any supported editions > of Windows where Internet Explorer 7 is not installed. > > More info at http://www.microsoft.com/technet/security/advisory/943521.mspx More "more info" with some background infos added at http://blogs.technet.com/msrc/archive/2007/10/10/msrc-blog-additional-details-and-background-on-security-advisory-943521.aspx Bye, Freu"I hate when they do this"di
Guest mikk Posted October 11, 2007 Posted October 11, 2007 This vulnerability does not affect Windows Vista Why you're posting this useless message here? This vulnerability does not affect Windows Vista.
Guest Milo \(MSPSS\) Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista 943521 is a security advisory, and such this is a security homeuser section which covers every Windows Operating System from windows 3.+ to Windows 2008 rc if a home user is using it and I`ve known few. It`s just a general advisory for eveyone - as per specific XP Sp2 users . "mikk" <mikk@discussions.microsoft.com> wrote in message news:F92D3B35-D454-45BB-9F49-E812DB1009AB@microsoft.com... > Why you're posting this useless message here? > This vulnerability does not affect Windows Vista.
Guest Milo \(MSPSS\) Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista And add to such Windows Using IE7 if you may specific to XP and Windows 2003 "mikk" <mikk@discussions.microsoft.com> wrote in message news:F92D3B35-D454-45BB-9F49-E812DB1009AB@microsoft.com... > Why you're posting this useless message here? > This vulnerability does not affect Windows Vista.
Guest mikk Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista "Milo (MSPSS)" wrote: > 943521 is a security advisory, and such this is a security homeuser section > which covers every Windows Operating System from windows 3.+ to Windows 2008 > rc YOU WRONG! This vulnerability does not affect Windows Vista. Most of MVP are very ignorant!
Guest Paul Adare Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista On Thu, 11 Oct 2007 05:16:00 -0700, mikk wrote: > "Milo (MSPSS)" wrote: > >> 943521 is a security advisory, and such this is a security homeuser section >> which covers every Windows Operating System from windows 3.+ to Windows 2008 >> rc > > YOU WRONG! > This vulnerability does not affect Windows Vista. > Most of MVP are very ignorant! Milo is not an MVP, he apparently works as a vendor of Microsoft's Product Support Services. -- Paul Adare MVP - Virtual Machines http://www.identit.ca K: A term used in employment ads to disguise how much they are really willing to pay.
Guest RJK Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista "YOU WRONG" ...no speekee Engleeezh veery well ? ....Just WHERE in the NG title does it say Vista ? ...you ignorant little s**t ! "mikk" <mikk@discussions.microsoft.com> wrote in message news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com... > > > "Milo (MSPSS)" wrote: > >> 943521 is a security advisory, and such this is a security homeuser >> section >> which covers every Windows Operating System from windows 3.+ to Windows >> 2008 >> rc > > YOU WRONG! > This vulnerability does not affect Windows Vista. > Most of MVP are very ignorant!
Guest RJK Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista "YOU'RE WRONG," ...you ignorant little s**t ! Most of the MVP's are polite and helpful, less than a handful are ignorant, .....and that's not usually ignorance, it's more a case of they, "don't suffer fools lightly." "mikk" <mikk@discussions.microsoft.com> wrote in message news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com... > > > "Milo (MSPSS)" wrote: > >> 943521 is a security advisory, and such this is a security homeuser >> section >> which covers every Windows Operating System from windows 3.+ to Windows >> 2008 >> rc > > YOU WRONG! > This vulnerability does not affect Windows Vista. > Most of MVP are very ignorant!
Guest Tom [Pepper] Willett Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista It was cross-posted to a Vista newsgroup -) "RJK" <notatospam@hotmail.com> wrote in message news:eVbFAtADIHA.3332@TK2MSFTNGP04.phx.gbl... | "YOU WRONG" ...no speekee Engleeezh veery well ? | | ...Just WHERE in the NG title does it say Vista ? ...you ignorant little | s**t ! | | | | "mikk" <mikk@discussions.microsoft.com> wrote in message | news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com... | > | > | > "Milo (MSPSS)" wrote: | > | >> 943521 is a security advisory, and such this is a security homeuser | >> section | >> which covers every Windows Operating System from windows 3.+ to Windows | >> 2008 | >> rc | > | > YOU WRONG! | > This vulnerability does not affect Windows Vista. | > Most of MVP are very ignorant! | |
Guest Nick Simpson Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista It is being posted to the Microsoft.public.windows.vista.security group as well. Check your headers before calling someone ignorant. "RJK" <notatospam@hotmail.com> wrote in message news:eVbFAtADIHA.3332@TK2MSFTNGP04.phx.gbl... > "YOU WRONG" ...no speekee Engleeezh veery well ? > > ...Just WHERE in the NG title does it say Vista ? ...you ignorant little > s**t ! > > > > "mikk" <mikk@discussions.microsoft.com> wrote in message > news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com... >> >> >> "Milo (MSPSS)" wrote: >> >>> 943521 is a security advisory, and such this is a security homeuser >>> section >>> which covers every Windows Operating System from windows 3.+ to Windows >>> 2008 >>> rc >> >> YOU WRONG! >> This vulnerability does not affect Windows Vista. >> Most of MVP are very ignorant! > >
Guest Shenan Stanley Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista Donna Buenaventura (MVP) wrote: > Microsoft Security Advisory (943521) > URL Handling Vulnerability in Windows XP and Windows Server 2003 > with Windows Internet Explorer 7 Could Allow Remote Code Execution > Published: October 10, 2007 > > Microsoft is investigating public reports of a remote code execution > vulnerability in supported editions of Windows XP and Windows > Server 2003 with Windows Internet Explorer 7 installed. We are not > aware of attacks that try to use the reported vulnerability or of > customer impact at this time. Microsoft is investigating the public > reports. > > This vulnerability does not affect Windows Vista or any supported > editions of Windows where Internet Explorer 7 is not installed. > > More info at > http://www.microsoft.com/technet/security/advisory/943521.mspx mikk wrote: > Why you're posting this useless message here? > This vulnerability does not affect Windows Vista. Milo (MSPSS) wrote: > 943521 is a security advisory, and such this is a security homeuser > section which covers every Windows Operating System from windows > 3.+ to Windows 2008 rc if a home user is using it and I`ve known > few. > > It`s just a general advisory for eveyone - as per specific XP Sp2 > users . mikk wrote: > YOU WRONG! > This vulnerability does not affect Windows Vista. > Most of MVP are very ignorant! mikk, If you feel that the original posting should not have been in a specific group (one of the many it was cross-posted to) it would be particularly helpful if you had done one of two possible things: 1) Listed the group to which the message likely should not have been crossposted into in the body of your message (with the reasoning behind the lack of need to post it there.) 2) Only responded within the group where the message likely should not have been crossposted into - that way if you did not use the first method to clarify your meaning - it would have been obvious which group you were referring to, and anyone arguing with you in the single-group posted part of this conversation would have had to re-crosspost the thread you started or argue about it in the single group you felt wronged in. For example, if you had posted (crossposted or not) the following, it would be difficult to argue with: The original message was posted to: - microsoft.public.internetexplorer.security - microsoft.public.officeupdate - microsoft.public.security.virus - microsoft.public.windowsupdate - microsoft.public.security.homeusers - microsoft.public.windows.vista.security It was about: Microsoft Security Advisory: Vulnerability in Windows XP and Windows Server 2003 URL handling could allow remote code execution http://support.microsoft.com/kb/943521 Which, if you follow up and go to the further information on it found here: http://www.microsoft.com/technet/security/advisory/943521.mspx (Which was posted in the original posting as well...) You will see clearly this part of the notification: "This vulnerability does not affect Windows Vista or any supported editions of Windows where Internet Explorer 7 is not installed." Given that - one could argue (quite effectively) that it was not necessary to post the notification given in the original post to the following groups from the original list of those crossposted to: - microsoft.public.officeupdate - microsoft.public.windows.vista.security However - as it *may* be important to the people in said newsgroups as well as those in the obviously relevant newsgroups, it didn't hurt to put them there too. Chances are those running Vista likely have a Windows XP or Windows 2003 machine (with Internet Explorer 7 installed) or know someone who does and those who use Microsoft Office likely have some Microsoft operating system, one of which may be WIndows 2003 or Windows XP (with Internet Explorer 7 installed.) One further note/question for mikk... I notice that in your replies, you crossposted to all the original locations excluding: - microsoft.public.internetexplorer.security Is there a particular reason for this, or was it perhaps an oversight on your part? (Yes - I added it back to this crossposted reply.) -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html
Guest Antioch Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista "mikk" <mikk@discussions.microsoft.com> wrote in message news:F92D3B35-D454-45BB-9F49-E812DB1009AB@microsoft.com... > Why you're posting this useless message here? > This vulnerability does not affect Windows Vista. What useless message??????????????? Have you replied in the correct thread.
Guest Rick Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista mikk wrote: > Why you're posting this useless message here? > This vulnerability does not affect Windows Vista. This is not a Vista only newsgroup, thus it is no useless to a great many of us. If you want vista only why don subscribe to that group? -- Rick Fargo, ND N 46°53.251" W 096°48.279" Remember the USS Liberty http://www.ussliberty.org/
Guest RJK Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista I did notice that but, couldn't resist "having a go" :-) regards, Richard "Tom [Pepper] Willett" <tom@youreadaisyifyoudo.com> wrote in message news:uLM7izADIHA.4752@TK2MSFTNGP04.phx.gbl... > It was cross-posted to a Vista newsgroup -) > > "RJK" <notatospam@hotmail.com> wrote in message > news:eVbFAtADIHA.3332@TK2MSFTNGP04.phx.gbl... > | "YOU WRONG" ...no speekee Engleeezh veery well ? > | > | ...Just WHERE in the NG title does it say Vista ? ...you ignorant little > | s**t ! > | > | > | > | "mikk" <mikk@discussions.microsoft.com> wrote in message > | news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com... > | > > | > > | > "Milo (MSPSS)" wrote: > | > > | >> 943521 is a security advisory, and such this is a security homeuser > | >> section > | >> which covers every Windows Operating System from windows 3.+ to > Windows > | >> 2008 > | >> rc > | > > | > YOU WRONG! > | > This vulnerability does not affect Windows Vista. > | > Most of MVP are very ignorant! > | > | > >
Guest Milo \(MSPSS\) Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista On the point it doesnt affect Vista you are right, but I would like to ask you not to be rude as you indicated Why you're posting this useless message here? This vulnerability does not affect Windows Vista. Cool down dude... "mikk" <mikk@discussions.microsoft.com> wrote in message news:6041E325-3306-4F6B-B0A2-3A238AB7F070@microsoft.com... > > > "Milo (MSPSS)" wrote: > >> 943521 is a security advisory, and such this is a security homeuser >> section >> which covers every Windows Operating System from windows 3.+ to Windows >> 2008 >> rc > > YOU WRONG! > This vulnerability does not affect Windows Vista. > Most of MVP are very ignorant!
Guest Milo \(MSPSS\) Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista Sad to say I am MVP for Security as well and mock upon ignorant whew... awesome https://mvp.support.microsoft.com/profile/Pacamarra "Paul Adare" <pkadare@gmail.com> wrote in message news:t7e7gobfbblb.1dnxpgh7g0jpa.dlg@40tude.net... > On Thu, 11 Oct 2007 05:16:00 -0700, mikk wrote: > >> "Milo (MSPSS)" wrote: >> >>> 943521 is a security advisory, and such this is a security homeuser >>> section >>> which covers every Windows Operating System from windows 3.+ to Windows >>> 2008 >>> rc >> >> YOU WRONG! >> This vulnerability does not affect Windows Vista. >> Most of MVP are very ignorant! > > Milo is not an MVP, he apparently works as a vendor of Microsoft's Product > Support Services. > > -- > Paul Adare > MVP - Virtual Machines > http://www.identit.ca > K: A term used in employment ads to disguise how much they are really > willing > to pay.
Guest Tom [Pepper] Willett Posted October 11, 2007 Posted October 11, 2007 Re: This vulnerability does not affect Windows Vista Milo... Thanks for sharing that with us. Tom "Milo (MSPSS)" <V-4jpaca@mssupport.microsoft.com> wrote in message news:6B8FE018-C4AC-4756-B957-E27C3DCB989B@microsoft.com... | Sad to say I am MVP for Security as well | | https://mvp.support.microsoft.com/profile/Pacamarra | |
Guest PA Bear Posted October 12, 2007 Posted October 12, 2007 Re: This vulnerability does not affect Windows Vista MiLO, do you still have an official employment relationship with MS PSS (Product Support Services)? I ask because I'm not aware of any MS MVP who also works for Microsoft or who includes MSPSS in their newsgroup signature. -- ~PA Bear Milo (MSPSS) wrote: > Sad to say I am MVP for Security as well and mock upon ignorant whew... > awesome > > https://mvp.support.microsoft.com/profile/Pacamarra > > > "Paul Adare" <pkadare@gmail.com> wrote in message > news:t7e7gobfbblb.1dnxpgh7g0jpa.dlg@40tude.net... >> On Thu, 11 Oct 2007 05:16:00 -0700, mikk wrote: >> >>> "Milo (MSPSS)" wrote: >>> >>>> 943521 is a security advisory, and such this is a security homeuser >>>> section >>>> which covers every Windows Operating System from windows 3.+ to Windows >>>> 2008 >>>> rc >>> >>> YOU WRONG! >>> This vulnerability does not affect Windows Vista. >>> Most of MVP are very ignorant! >> >> Milo is not an MVP, he apparently works as a vendor of Microsoft's >> Product >> Support Services. >> >> -- >> Paul Adare >> MVP - Virtual Machines >> http://www.identit.ca >> K: A term used in employment ads to disguise how much they are really >> willing >> to pay.
Guest Paul Adare Posted October 12, 2007 Posted October 12, 2007 Re: This vulnerability does not affect Windows Vista On Thu, 11 Oct 2007 20:03:03 -0400, PA Bear wrote: > MiLO, do you still have an official employment relationship with MS PSS > (Product Support Services)? I ask because I'm not aware of any MS MVP who > also works for Microsoft or who includes MSPSS in their newsgroup signature. You don't understand what a "v-" account means. Milo does not have a direct employment relationship with Microsoft. I was a "v-" for 12 some odd years and was still able to be an MVP. Only FTEs of Microsoft have to give up their MVP status. A v- is a vendor who has an account on Microsoft's network. Not even close to being an employee. -- Paul Adare MVP - Virtual Machines http://www.identit.ca Compatible: Gracefully accepts erroneous data from any source.
Guest Milo \(MSPSS\) Posted October 12, 2007 Posted October 12, 2007 Re: This vulnerability does not affect Windows Vista Thanks for answering that Paul, and for a fact that gives me more understanding on how to help and extend such assistance to others since it does put me to situations where the real problem and issue churns. "Paul Adare" <pkadare@gmail.com> wrote in message news:w6a5ixy47g0p$.4fi0ot6uftsb$.dlg@40tude.net... > On Thu, 11 Oct 2007 20:03:03 -0400, PA Bear wrote: > >> MiLO, do you still have an official employment relationship with MS PSS >> (Product Support Services)? I ask because I'm not aware of any MS MVP >> who >> also works for Microsoft or who includes MSPSS in their newsgroup >> signature. > > You don't understand what a "v-" account means. Milo does not have a > direct > employment relationship with Microsoft. I was a "v-" for 12 some odd years > and was still able to be an MVP. Only FTEs of Microsoft have to give up > their MVP status. A v- is a vendor who has an account on Microsoft's > network. Not even close to being an employee. > -- > Paul Adare > MVP - Virtual Machines > http://www.identit.ca > Compatible: Gracefully accepts erroneous data from any source.
Guest PA Bear Posted October 12, 2007 Posted October 12, 2007 Re: This vulnerability does not affect Windows Vista Paul Adare wrote: > On Thu, 11 Oct 2007 20:03:03 -0400, PA Bear wrote: > >> MiLO, do you still have an official employment relationship with MS PSS >> (Product Support Services)? I ask because I'm not aware of any MS MVP >> who >> also works for Microsoft or who includes MSPSS in their newsgroup >> signature. > > You don't understand what a "v-" account means. Milo does not have a > direct > employment relationship with Microsoft. I was a "v-" for 12 some odd years > and was still able to be an MVP. Only FTEs of Microsoft have to give up > their MVP status. A v- is a vendor who has an account on Microsoft's > network. Not even close to being an employee. Yeah, I discovered this after posting. Still, I feel that reference to "MSPSS" is misleading and inappropriate. -- ~Robear, working offline
Guest Sharon Franks Posted October 12, 2007 Posted October 12, 2007 Re: This vulnerability does not affect Windows Vista Why because it looks more impressive than yours? -- Sharon Franks MCC group Microsoft Certified Solutions Developer (MCSD) Microsoft Certified Trainer (MCT). "PA Bear" <PABearMVP@gmail.com> wrote in message news:%23kZxBUSDIHA.3940@TK2MSFTNGP05.phx.gbl... > Paul Adare wrote: >> On Thu, 11 Oct 2007 20:03:03 -0400, PA Bear wrote: >> >>> MiLO, do you still have an official employment relationship with MS PSS >>> (Product Support Services)? I ask because I'm not aware of any MS MVP >>> who >>> also works for Microsoft or who includes MSPSS in their newsgroup >>> signature. >> >> You don't understand what a "v-" account means. Milo does not have a >> direct >> employment relationship with Microsoft. I was a "v-" for 12 some odd >> years >> and was still able to be an MVP. Only FTEs of Microsoft have to give up >> their MVP status. A v- is a vendor who has an account on Microsoft's >> network. Not even close to being an employee. > > Yeah, I discovered this after posting. Still, I feel that reference to > "MSPSS" is misleading and inappropriate. > -- > ~Robear, working offline
Guest PA Bear Posted October 13, 2007 Posted October 13, 2007 Re: This vulnerability does not affect Windows Vista No, because it leads newsgroup readers to assume he represents/works directly for MS Product Support Services. Sharon Franks wrote: > Why because it looks more impressive than yours? > > > "PA Bear" <PABearMVP@gmail.com> wrote in message > news:%23kZxBUSDIHA.3940@TK2MSFTNGP05.phx.gbl... >> Paul Adare wrote: >>> On Thu, 11 Oct 2007 20:03:03 -0400, PA Bear wrote: >>> >>>> MiLO, do you still have an official employment relationship with MS PSS >>>> (Product Support Services)? I ask because I'm not aware of any MS MVP >>>> who >>>> also works for Microsoft or who includes MSPSS in their newsgroup >>>> signature. >>> >>> You don't understand what a "v-" account means. Milo does not have a >>> direct >>> employment relationship with Microsoft. I was a "v-" for 12 some odd >>> years >>> and was still able to be an MVP. Only FTEs of Microsoft have to give up >>> their MVP status. A v- is a vendor who has an account on Microsoft's >>> network. Not even close to being an employee. >> >> Yeah, I discovered this after posting. Still, I feel that reference to >> "MSPSS" is misleading and inappropriate. >> -- >> ~Robear, working offline
Guest Leonard Grey Posted October 13, 2007 Posted October 13, 2007 Re: This vulnerability does not affect Windows Vista "A v- is a vendor who has an account on Microsoft's network." Apologies for sticking my nose in, but why would a vendor have an account on Microsoft's network? --- Leonard Grey Errare humanum est PA Bear wrote: > No, because it leads newsgroup readers to assume he represents/works > directly for MS Product Support Services. > > Sharon Franks wrote: >> Why because it looks more impressive than yours? >> >> >> "PA Bear" <PABearMVP@gmail.com> wrote in message >> news:%23kZxBUSDIHA.3940@TK2MSFTNGP05.phx.gbl... >>> Paul Adare wrote: >>>> On Thu, 11 Oct 2007 20:03:03 -0400, PA Bear wrote: >>>> >>>>> MiLO, do you still have an official employment relationship with MS >>>>> PSS >>>>> (Product Support Services)? I ask because I'm not aware of any MS MVP >>>>> who >>>>> also works for Microsoft or who includes MSPSS in their newsgroup >>>>> signature. >>>> >>>> You don't understand what a "v-" account means. Milo does not have a >>>> direct >>>> employment relationship with Microsoft. I was a "v-" for 12 some odd >>>> years >>>> and was still able to be an MVP. Only FTEs of Microsoft have to give up >>>> their MVP status. A v- is a vendor who has an account on Microsoft's >>>> network. Not even close to being an employee. >>> >>> Yeah, I discovered this after posting. Still, I feel that reference to >>> "MSPSS" is misleading and inappropriate. >>> -- >>> ~Robear, working offline >
Recommended Posts