OE Vulnerablity rptd by InternetWeek (OE 6.0)

Topic

New Reply

It’s possible DSLReports or internetwk is behind the times – MS releases many security fixes and even subscribers to NTBugtraks and the MS security mailing can’t keep up. (I think this was announced in a security bullitin, but i can’t recall. You can look them up at the microsoft technet site)

It makes no sense to announce a vulnerablity to the world before a fix is ready – it’s like posting a note in public saying you are going to be away for a few weeks. Anyone, including crimials can see it. So they typically wait to mention it after the fix is ready.

Reply | Quote

Replies

I found this while looking thru articles on DSLReports: Internet Week rpts Outlook Express 5.5 & 6.0 vulnerable to buffer overrun which would allow hacker to gain access to computer and perform ANY function a authorized user could. Does anyone have any more info on this? How would I know if I had been attacked?

The article also says the SP released Sept. 9 protected against this. Does that mean MS waited more than a month to announce this and fix it?

http://www.internetwk.com/breakingNews/INW20021011S0005%5B/url%5D

Grrrr…..

Reply | Quote