Microsoft irresponsible - omits disclosing vulns. in MS10-024

Ocky · May 7, 2010

While researching the fixes issued by Microsoft in Microsoft's Security
Bulletin MS10-024
http://www.microsoft.com/technet/security/bulletin/ms10-024.mspx
published April 13, 2010 Nicolas Economou discovered two vulnerabilities
in Windows SMTP Service and Microsoft Exchange . These vulnerabilities
were fixed by the patches referenced in MS10-024 but were not disclosed
in the vendor's security bulletin and did not have an unique
vulnerability identifier assigned to them.
Click to expand...

Furthermore, he found that the patch referenced in MS10-024 fixed two
severe bugs that were not disclosed as such in the bulletin and had no
CVE identifiers assigned to them. Basic analysis of the vulnerabilities
disclosed in this advisory indicates that the threat of DNS spoofing
attacks against Windows SMTP service and Microsoft Exchange or of
exploitation of CVE-2010-0024 was underestimated in MS10-024.
Click to expand...

http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html

Log in or Sign up

Microsoft irresponsible - omits disclosing vulns. in MS10-024

Ocky Registered Member

Log in or Sign up

Microsoft irresponsible - omits disclosing vulns. in MS10-024

Ocky Registered Member

Useful Searches