MS03-032 superceded by MS03-040

Cowles, Robert D. rdc at SLAC.Stanford.EDU
Sun Oct 5 01:08:29 GMT 2003

There is also an associated patch to Media Player that has now been turned into a *critical* patch if you go to Windows Update.

>From the detailed announcement:

In addition to applying this security patch it is recommended that users also install the Windows Media Player update referenced in Knowledge Base Article 828026. This update is available from Windows Update as well as the Microsoft Download Center for all supported versions of Windows Media Player. While not a security patch, this update contains a change to the behavior of Windows Media Player's ability to launch URLs to help protect against DHTML behavior based attacks. Specifically, it restricts Windows Media Player's ability to launch URLs in the local computer zone from other zones.

Bob Cowles
Stanford Linear Accelerator Center

>     Microsoft usually issues these announcements on
> Wednesdays but I imagine they felt some pressure to get
> this out. According to the updated MS03-032 that
> bulletin has been superceded by this new MS03-040 (see
> intro below).
>     McAfee references MS03-040 as a patch for the
> vulnerability exploited by QHosts-1.
>     Marty

More information about the unisog mailing list