February MS patchs
Cumulative Security Update for Internet Explorer (910620): Only applies to Win2K users with IE 5.01, the WMF exploit fix for an older browser. Shouldn't have this running anywhere, will check with SMS.
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565): Bitmap exploit, unchecked buffer! Who looks at bitmaps in Windows Media Player? Oh yeah - skins. "Significant user interaction is required to exploit this vulnerability". Which, once again is defined as "an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. It could also be possible to display malicious Web content by using banner advertisements." I can't believe they actually say that visiting a website or viewing an email is "significant user interaction"
- Back up and remove the WMZ registry key: that's interesting, we recently had an issue with .wmz files being blocked by either our Spam-Filter or Exchange from some vendor.
I'll just note one of them - "A vulnerability exists in the Windows and Office Korean Input Method Editor that could allow an attacker to take complete control of an affected system. For an attack to be successful an attacker must be able to interactively log on to the affected system." I won't be able to sleep unti this patch is rolled out 100%...