
SP2 "Flaw" report falls short...

#2
Glad to see someone finally reporting this correctly. The media have been overeager to report an SP2 flaw; they would even run with something trivial from an unknown German security company who hold little respect and standing.

The misguided advisory from Heise Security sets unrealistic expectations for a new Windows security feature and then criticizes Microsoft for not meeting them.
 
#3
Yes, it does appear that the command shell doesn't use the AES and therefore will execute files that Internet Explorer thinks come from untrusted sources. So? Let's imagine that Windows actually somehow changed all file exchanges to use this facility. Other programs' behavior would change and potentially break—and guess who would take the heat for it?

This same scenario, I should point out, works beautifully with non-Microsoft browsers. There's nothing in Mozilla to stop it. If one more instruction is added to the message, using the chmod command, it works just as well in Linux and Unix, too. Is it a "vulnerability" that users are allowed to run programs?
Classic.
 
#4
Yes, a very nice line at the end there :) The same thoughts this author expresses crossed my mind when I read the details about the "flaw".
 
