Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011
From: Jerry Bryant [MSFT] (jbryant_at_online.microsoft.com)
Date: Thu, 22 Apr 2004 23:01:14 -0700
Note: www.microsoft.com/technet/security and www.microsoft.com/security are
authoritative in all matters concerning Microsoft Security Bulletins! ANY
e-mail, web board or newsgroup posting (including this one) should be
verified by visiting these sites for official information. Microsoft never
sends security or other updates as attachments. These updates must be
downloaded from the microsoft.com download center or Windows Update. See the
individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft
security notices, it is recommended that you physically type the URLs into
your web browser and not click on the hyperlinks provided.
What is this alert?
- Microsoft is aware of code available on the Internet that seeks to exploit
vulnerabilities addressed as part of our April 13th security updates. We are
investigating the situation to help protect our customers. Specifically,
the reports detail exploit code that attempts to use the IIS PCT/SSL
vulnerability on servers running Internet Information Services with the
Secure Socket Layer authentication enabled. This vulnerability is addressed
by bulletin MS04-011. Customers who have deployed MS04-011 are not at risk
from this exploit code.
- Microsoft considers these reports credible and serious and continues to
urge all customers to immediately install the MS4-011 update as well as the
other critical updates provided on April 13th.
- Customers who are still evaluating and testing MS04-011 should immediately
implement the workaround steps detailed for the PCT/SSL vulnerability
detailed in the MS04-011. In addition, Microsoft has published a knowledge
base article KB187498 at
provides additional details on SSL and how to disable PCT without applying
- We expect to see additional exploits and proof-of-concept code targeting
the April 2004 security bulletin release in coming days and weeks,
potentially including worm or virus examples.
If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should contact
Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
Microsoft PSS Security Team
-- Regards, Jerry Bryant - MCSE, MCDBA Microsoft IT Communities Get Secure! www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights.