I don't think the folks in Suwannee have fixed the issue yet. Marc Maiffret was generous enough with his time to take a look (between researching the MS10-015 BSODs!), and his feeling was that the crash didn't present a security risk-it was, in his words, "just a general bug."
It's always interesting, though, when a website can be made to consistently crash a browser. (Hey, Microsoft... You reading this?) From: Richard Stovall [mailto:[email protected]] Sent: Saturday, February 13, 2010 10:31 AM To: NT System Admin Issues Subject: Re: Need Website Tested I'm with Mr. G. on this one. I would have had a look for you too if a sandboxed vm had been available, but I wasn't about to do it from my workstation or any other production machine. And I also agree with you, too. To take it even further, simply having your machine on a network (any network) introduces a level of risk that wouldn't be there if it were an island in a locked room. In this case, going to a site with the express purpose of seeing if it would crash my browser for undetermined reasons was beyond the level of risk I was willing to take using the resources I had available at the time. All that said, I am curious about the whole thing, and might try it later now that I'm at home and have the time and resources to have a look. Is it still reported as problematic? RS On Sat, Feb 13, 2010 at 10:04 AM, John Hornbuckle <[email protected]<mailto:[email protected]>> wrote: Yeah-and by doing so, you skewed the results! As I recall, you were one of the ones who didn't reproduce the problem. :) Of course, accessing *any* website presents a potential security risk. Nevertheless, most of us don't do all of our surfing in VMs. John From: Erik Goldoff [mailto:[email protected]<mailto:[email protected]>] Sent: Saturday, February 13, 2010 8:17 AM To: NT System Admin Issues Subject: RE: Need Website Tested Am I the only one that tested in a sandboxed Win7 VM on a virtual server ??? <grin> Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' ________________________________ From: Mark Boersma [mailto:[email protected]<mailto:[email protected]>] Sent: Friday, February 12, 2010 9:58 PM To: NT System Admin Issues Subject: RE: Need Website Tested It's a good thing there is a trust level here. Hey guys, click this link and see your browser do bad things! All your base are belong to Suwannee County! :) BTW, it killed my IE8 on 7 x64 Mark ------------------------------------------------- Two rules for success in life: 1. Never tell people everything you know. From: John Hornbuckle [mailto:[email protected]<mailto:[email protected]>] Sent: Friday, February 12, 2010 9:03 AM To: NT System Admin Issues Subject: RE: Need Website Tested Thanks to those who responded already. Enough are reproducing the error to let me know it's not just us. I'll let our friends in Suwannee County know, so they can have their web folks check it out. John From: John Hornbuckle [mailto:[email protected]<mailto:[email protected]>] Sent: Friday, February 12, 2010 8:52 AM To: NT System Admin Issues Subject: Need Website Tested Our Windows 7 machines crash when accessing the following site with IE8: http://www.suwannee.k12.fl.us/ The module causing the fault is mshtml.dll. We've tested from multiple Win7 machines (different brands/models/images) on our end with the same result, but Vista and XP seem to work fine. Could any of you with Win7 try the site through IE8 and let me know if you see the same thing? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us<http://www.taylor.k12.fl.us> NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ________________________________ Please consider the environment before printing this email. ________________________________ CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
