Potential Microsoft PCT worm (MS04-011)

From: advisories (advisories_at_corsaire.com)
Date: 04/23/04

    To: <bugtraq@securityfocus.com>
    Date: Fri, 23 Apr 2004 17:32:50 +0100
    
    

    A revised exploit has been released for the PCT flaw in the last 24-hrs by
    THC (THCIISSLame.c). For the last few hours we have also been receiving
    uncorroborated anecdotal evidence from reliable sources that a working worm
    is being trialled on the Internet, in preparation for imminent release. The
    primary concern is that this flaw affects unpatched SSL enabled IIS servers,
    which could potentially be thousands of hosts.

    The official Microsoft patch (MS04-011) is strongly recommended for
    immediate application. However, for some organisations, change control and
    software dependency testing have meant that there has not been enough time
    to test and apply the patch widely. Additionally there have been reports of
    some organisations experiencing reliability issues after applying this
    patch, and so they have halted the rollout.

    As time is of the essence, an alternative to applying the patch is available
    by disabling PCT. This option has been tested by Corsaire with the THC
    exploit on Microsoft Windows 2000 SP4 IIS only (but we have no reason to
    doubt that this approach will work just as well on the alternative MS
    platforms).

    There is a Microsoft knowledgebase article that describes the full process.
    Be sure to follow the instructions to the letter, otherwise there is the
    risk that you will still be exposed:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;187498

    -- Background --

    Microsoft Security Bulletin MS04-011 (Microsoft)
    http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

    -- Distribution --

    This security advisory may be freely distributed, provided that it
    remains unaltered and in its original form.

    -- Disclaimer --

    The information contained within this advisory is supplied "as-is" with
    no warranties or guarantees of fitness of use or otherwise. Corsaire
    accepts no responsibility for any damage caused by the use or misuse of
    this information.

    Copyright 2004 Corsaire Limited. All rights reserved.
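
An added example, not part of the Corsaire advisory or the Microsoft article: one way to audit that the PCT workaround described above was applied "to the letter", by checking registry exports collected from IIS hosts. The Schannel key path and the accepted value encodings are assumptions based on the commonly documented layout, not taken from this page, and the host names and export contents are constructed.

```python
import re

# Assumption: Schannel's per-protocol key for the PCT 1.0 server side. The advisory
# does not quote it; confirm the path and value type against the KB article.
PCT_SERVER_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
                  r"\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server")

def parse_reg(text):
    """Parse decoded .reg export text into {key_lower: {value_name_lower: raw_data}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)   # join hex: continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
    return keys

def pct_server_state(reg_text):
    """Return 'disabled', 'enabled', 'not-configured' or 'malformed'."""
    values = parse_reg(reg_text).get(PCT_SERVER_KEY.lower())
    if not values or "enabled" not in values:
        return "not-configured"              # no override: platform default applies
    raw = values["enabled"].lower()
    if re.fullmatch(r"dword:[0-9a-f]{8}", raw):
        nonzero = int(raw[6:], 16) != 0
    elif re.fullmatch(r"hex:[0-9a-f]{2}(,[0-9a-f]{2})*", raw):
        nonzero = any(int(b, 16) for b in raw[4:].split(","))
    else:
        return "malformed"                   # e.g. "0" entered as a string value
    return "enabled" if nonzero else "disabled"

# Constructed sample exports (not taken from any real host).
def export_text(key, data):
    return f'Windows Registry Editor Version 5.00\n\n[{key}]\n"Enabled"={data}\n'

SAMPLES = {
    "web01": export_text(PCT_SERVER_KEY, "hex:00,00,00,00"),
    "web02": export_text(PCT_SERVER_KEY, '"0"'),   # wrong value type
    "web03": export_text(PCT_SERVER_KEY.replace("PCT 1.0", "PCT1.0"), "dword:00000000"),
}

def audit(samples=SAMPLES):
    return {host: pct_server_state(text) for host, text in samples.items()}

if __name__ == "__main__":
    print(audit())
```

Only a host reported as `disabled` has the override in place; `malformed` and `not-configured` both mean the change needs to be redone and the host retested.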

