Re: More information on ZERT patch for ANI 0day
And there's a patch for that Realtek already to go on the download
site. (read the caveat section). So far all I've seen/heard is that one.
This is patching 7 graphics items not just the one. ...that's 6 more
things the folks that throw at me from those Metasploit modules ;-)
Jason Frisvold wrote:
> On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> <sbradcpa@pacbell.net> wrote:
>> the community need that they are reacting to. Gadi and the crew work
>> hard and have my respect for their efforts.
>
> Agreed. Previous patches worked as advertised with no adverse side
> effects here.
>
>> If you are willing to evaluate the eEye patch, Zert's should be higher
>> on your list as well since reportedly it works better than eEye's.
>
> eEye's patch only protects from attacks outside of %systemroot%. If
> an attacker can place a vulnerable file within %systemroot%, all bets
> are off.
>
> ZERT's patch, on the other hand, protects regardless of where the file
> is located. It specifically prevents the stack overflow condition by
> blocking chunks larger than 36 bytes from being copied.
>
>> Regardless it's a moot point. The real patch is out.
>> Install that one. It's on Windows update now.
>
> ISC is reporting problems with the Microsoft patch. A problem with
> the Realtek HD Audio Control Panel has been confirmed and patched by
> Microsoft. Other problems have been reported but no additional
> information on them has been released at this point.,
>
討論串 (同標題文章)
完整討論串 (本文為第 6 之 6 篇):