Re: More information on ZERT patch for ANI 0day
On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
<sbradcpa@xxxxxxxxxxx> wrote:
And there's a patch for that Realtek already to go on the download
site. (read the caveat section). So far all I've seen/heard is that one.
Yes, I forgot to mention the patch.
This is patching 7 graphics items not just the one. ...that's 6 more
things the folks that throw at me from those Metasploit modules ;-)
And of the seven vulnerabilities, the .ANI vulnerability is the only
one I'm aware of that's being actively exploited. Four of the
vulnerabilities are local privilege escalations that, while dangerous,
aren't quite as dangerous as the ANI problem.
While I agree that using the MS patch now that it's out is definitely
recommended, I would argue that if the patch is causing problems that
can't be worked around, using the ZERT patch in the meantime is
definitely an option.
And prior to the MS patch being released, the ZERT patch was a great
resource to have out there.
--
Jason 'XenoPhage' Frisvold
XenoPhage0@xxxxxxxxx
http://blog.godshell.com