On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <sbradcpa@xxxxxxxxxxx> wrote:
And there's a patch for that Realtek already to go on the download site. (read the caveat section). So far all I've seen/heard is that one.
Yes, I forgot to mention the patch.
This is patching 7 graphics items not just the one. ...that's 6 more things the folks that throw at me from those Metasploit modules ;-)
And of the seven vulnerabilities, the .ANI vulnerability is the only one I'm aware of that's being actively exploited. Four of the vulnerabilities are local privilege escalations that, while dangerous, aren't quite as dangerous as the ANI problem. While I agree that using the MS patch now that it's out is definitely recommended, I would argue that if the patch is causing problems that can't be worked around, using the ZERT patch in the meantime is definitely an option. And prior to the MS patch being released, the ZERT patch was a great resource to have out there. -- Jason 'XenoPhage' Frisvold XenoPhage0@xxxxxxxxx http://blog.godshell.com
