>Nevertheless, there is still something bothering me: if you look at the IE
6
>SP1 fix list (linked from
>http://support.microsoft.com/default.aspx?scid=kb;en-us;Q326489), there is
>absolutely no reference to this problem.
>
>So, Microsoft addressed a critical problem in the service pack, but decided
>to keep silent about it until now.
>
>I wonder what else has been hidden.
i've been wondering the same thing. they also rolled a remote desktop fix
into xp sp1 and later released a patch for w2k and xp.
lesee... remember this?
-----
Title: Cryptographic Flaw in RDP Protocol can Lead to
Information Disclosure (Q324380)
Released: 18 September 2002
Software: Microsoft Windows 2000
Microsoft Windows XP
Impact: Two vulnerabilities: information disclosure, denial of
service
Max Risk: Moderate
Bulletin: MS02-051
-----
and then...
-----
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS02-051.asp
Additional information about this patch
Installation platforms:
The patch for Windows 2000 can be installed on systems running Windows 2000
Service Pack 2 or Windows 2000 Service Pack 3.
The patch for Windows XP can be installed on systems running Windows XP
Gold.
Inclusion in future service packs:
The fix for this issue will be included in Windows 2000 Service Pack 4.
The fix for this issue is included in Windows XP Service Pack 1.
-----
-d
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
