echo: nthelp
to: Geo
from: Rich Gauszka
date: 2006-04-18 15:19:04
subject: Re: MS4/11 patch - HP software conflicts

From: "Rich Gauszka" 


"Geo"  wrote in message news:444532ec$1{at}w3....
> So let's see if I understand this. First we have a vulnerability in the web
> client service which is described like this:
>
> A remote code execution vulnerability exists in Windows Explorer because of
> the way that it handles COM objects. An attacker would need to convince a
> user to visit a Web site that could force a connection to a remote file
> server. This remote file server could then cause Windows Explorer to fail in
> a way that could allow code execution. An attacker who successfully
> exploited this vulnerability could take complete control of an affected
> system.
>
> and then
>
> Instead of fixing the exploit (if you ask me the web client service should
> just be removed as a bad idea in an untrusted environment), they added yet
> another program, this one scans shell extensions and it has a whitelist that
> is stored in the registry so simply adding a registry entry will make this
> new security shell extension scanner skip scanning your trojan shell
> extension? I wonder if it works based simply on the file name so using an
> existing whitelisted name exposes you again.
>
> Is this "fix", and I use that term loosely, from Microsoft or Cheech and
> Chong?
>
> Geo.
>
>
> "Rich Gauszka"  wrote in message
> news:4444ee0a$1{at}w3....
>>
>> http://support.microsoft.com/default.aspx/kb/918165?
>>
>>
>
>

Or a nefarious scheme to have you return to Windows Update each month for
your whitelist fix and mandatory validation

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
