Forum Thread: Threat catagories ??

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
crackers Threat catagories ??
Member 7th Jun, 2009 22:39
Ranking: 6
Posts: 17
User Since: 1st Mar, 2009
System Score: N/A
Location: US
I can't seem to find a help page where I would think this should be listed so am coming here to ask........could someone explain the different catagories to a dummy like me?

Alan_Baxter RE: Threat catagories ??
Member 7th Jun, 2009 23:26
Score: 0
Posts: 61
User Since: 1st Mar 2009
System Score: N/A
Location: US
http://secunia.com/advisories/about/
Was this reply relevant?
+0
-0
Maurice Joyce RE: Threat catagories ??
Handling Contributor 7th Jun, 2009 23:41
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 7th Jun, 2009 23:53
The coloured lights by each entry U can see mean:
1. 1 green square = Not Critical
2. 2 greens = Less Critical
3. 2 greens + yellow = Moderately Critical
4. 2 greens + yellow + orange = Highly Critical
5. 2 greens + yellow + orange + red = Extremely Critical.

An example is IE8 currently showing 2 green squares. To me that means caution is needed when surfing but nothing to leap up & down about. Microsoft will patch it in due course (perhaps patch Tuesday on the 9th June)

The link given by Alan explains the differences of the critical states.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
Alan_Baxter RE: Threat catagories ??
Member 7th Jun, 2009 23:55
Score: 0
Posts: 61
User Since: 1st Mar 2009
System Score: N/A
Location: US
Caution is needed when surfing even when PSI doesn't report a vulnerability. There is an Extremely Critical vulnerability in Windows XP and any other Windows OS older than Vista or Server 2008. http://secunia.com/advisories/35268/
Since it isn't patched by MS yet, it is not reported by PSI. Microsoft has announced that a patch for this vulnerability will not be released Tuesday. If you have a vulnerable system, you need to Enable a workaround from the FixIt button here. http://support.microsoft.com/kb/971778
Was this reply relevant?
+0
-0
Maurice Joyce RE: Threat catagories ??
Handling Contributor 8th Jun, 2009 00:37
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Alan,
Thank you. It is not really Windows XP that is affected more DirectX 7,8 & 9 that ships with that OS. Vista uses DirectX10.

This advisory only affects those who dabbled with Apple Quicktime media files.

Those who have not got Quicktime/Itunes installed are not affected.



--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
Alan_Baxter RE: Threat catagories ??
Member 8th Jun, 2009 00:49
Score: 0
Posts: 61
User Since: 1st Mar 2009
System Score: N/A
Location: US
Last edited on 8th Jun, 2009 00:50
Was this reply relevant?
+0
-0
Maurice Joyce RE: Threat catagories ??
Handling Contributor 8th Jun, 2009 00:55
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Alan,
Thank U again - I stand corrected. It still does not affect me personally because I do not use quicktime media files which I understand can be used elsewhere other than via a Quicktime player.

My original thought stands. Unless U dabbled in Quicktime media U are not at risk nor is Windows XP.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
Alan_Baxter RE: Threat catagories ??
Member 8th Jun, 2009 01:10
Score: 0
Posts: 61
User Since: 1st Mar 2009
System Score: N/A
Location: US
Thank you for the reply, Maurice. Of course it depends on what you mean by dabble. ;)

It appears that an attacker would have to trick the user into executing more actions than simply visiting a malicious web site. But I bet the attacker does everything possible to hide from the user exactly what is going to be executed by any mouse clicks on the web page. Of course the user doesn't suspect it's a malicious site, otherwise he or she wouldn't be there.

I still advise non-Vista users to Enable the workaround I linked above. Better safe than sorry, eh?

http://www.microsoft.com/technet/security/advisory...
(unknown source)
In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. After they click the link, they would be prompted to perform several actions. An attack could only occur after they performed these actions.
Was this reply relevant?
+0
-0
crackers RE: Threat catagories ??
Member 8th Jun, 2009 01:18
Score: 6
Posts: 17
User Since: 1st Mar 2009
System Score: N/A
Location: US
Thanks guys, for the CAT info......now guess I'd better find time to keep up on the Quicktime thing.....I read about that last week but assumed I was safe 'cuz I don't have it.....I'm not smart enough to do a workaround or whatever it is, I don't do registry stuff.
Was this reply relevant?
+0
-0
Alan_Baxter RE: Threat catagories ??
Member 8th Jun, 2009 01:23
Score: 0
Posts: 61
User Since: 1st Mar 2009
System Score: N/A
Location: US
Yeah, don't mess around with the registry yourself. Fortunately MS has provided a one-click solution called a FixIt. Just go to http://support.microsoft.com/kb/971778 and click the FixIt button titled "Enable workaround". It's easy as pie.
Was this reply relevant?
+0
-0

This thread has been marked as locked.