Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Windows VML security update MS06-055 released

from [Alex Eckelberry] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Windows VML security update MS06-055 released
Date: Wed, 27 Sep 2006 18:44:27 -0400 
It is exactly the same day when Sunbelt reported that they were

informed Microsoft security people:

We were the first to see it in the wild, but unbeknownst to the security
community, Microsoft had reportedly been working with ISS on this issue
(ISS disclosed it on the 19th --
http://xforce.iss.net/xforce/alerts/id/237).   

One can then assume that Microsoft was already in the process of fixing
it, and while they were doing that, we started finding it exploiting
systems. 

Alex



-----Original Message-----
From: Juha-Matti Laurio [mailto:juha-matti.laurio@netti.fi] 
Sent: Tuesday, September 26, 2006 3:45 PM
To: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: Windows VML security update MS06-055 released

Security update for Windows Vector Markup Language (VML) vulnerability
has been released.

Fix is available via Microsoft Update or downloadable with links
included to MS06-055:
http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx

Fix information has been added to Windows VML Vulnerability FAQ
(CVE-2006-4868) http://blogs.securiteam.com/?p=640

and details will be added shortly.

It appears that the timestamp of updated Vgx.dll library is 18th
September, 2006.


From the Security Update Information / File Information section of new

MS bulletin:

Windows XP Service Pack 2 (all versions) and Windows XP Professional x64
Vgx.dll - 6.0.2900.2997 - 18-Sep-2006 - 14:28 (UTC) - 851,968

It is exactly the same day when Sunbelt reported that they were informed
Microsoft security people:
http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-be
ing.html

- Juha-Matti

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] IM Sniffer release, crazy frog crazy frog
Next by Date:  [Full-disclosure] Security as an Enabler - Virtual Trust: An Open Challenge to All InfoSec Professionals, Kenneth F. Belva
Previous by Thread:  Re: [Full-disclosure] Windows VML security update MS06-055 released, Jerome Athias
Next by Thread:  [Full-disclosure] ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities, zdi-disclosures
Indexes:  [Date] [Thread] [Top] [All Lists]