Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011

From: Jerry Bryant [MSFT] (jbryant_at_online.microsoft.com)
Date: 04/23/04


Date: Thu, 22 Apr 2004 23:01:14 -0700

Note: www.microsoft.com/technet/security and www.microsoft.com/security are
authoritative in all matters concerning Microsoft Security Bulletins! ANY
e-mail, web board or newsgroup posting (including this one) should be
verified by visiting these sites for official information. Microsoft never
sends security or other updates as attachments. These updates must be
downloaded from the microsoft.com download center or Windows Update. See the
individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft
security notices, it is recommended that you physically type the URLs into
your web browser and not click on the hyperlinks provided.

What is this alert?

- Microsoft is aware of code available on the Internet that seeks to exploit
vulnerabilities addressed as part of our April 13th security updates. We are
investigating the situation to help protect our customers. Specifically,
the reports detail exploit code that attempts to use the IIS PCT/SSL
vulnerability on servers running Internet Information Services with the
Secure Socket Layer authentication enabled. This vulnerability is addressed
by bulletin MS04-011. Customers who have deployed MS04-011 are not at risk
from this exploit code.

- Microsoft considers these reports credible and serious and continues to
urge all customers to immediately install the MS4-011 update as well as the
other critical updates provided on April 13th.

- Customers who are still evaluating and testing MS04-011 should immediately
implement the workaround steps detailed for the PCT/SSL vulnerability
detailed in the MS04-011. In addition, Microsoft has published a knowledge
base article KB187498 at
http://support.microsoft.com/default.aspx?scid=kb;en-us;187498 which
provides additional details on SSL and how to disable PCT without applying
MS04-011.

- We expect to see additional exploits and proof-of-concept code targeting
the April 2004 security bulletin release in coming days and weeks,
potentially including worm or virus examples.

If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should contact
Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary.

Thank you,
Microsoft PSS Security Team

-- 
Regards,
Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities
Get Secure! www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.


Relevant Pages

  • Neue Sicherheits-Bulletins - KRITISCHE UPDATES - Bitte beachten
    ... Bulletin Anfang. ... Microsoft is releasing the following four new security bulletins for newly discovered vulnerabilities: ... Windows Services for UNIX, ...
    (microsoft.public.de.german.visio)
  • <>
    ... > Microsoft Security Bulletin Advance Notification issued: ... > Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. ...
    (microsoft.public.windows.server.sbs)
  • Microsoft Security Bulletin MS01-055 (Version 2.0)
    ... The following is a Security Bulletin from the Microsoft Product Security ... The third vulnerability is a new variant of a vulnerability ...
    (Bugtraq)
  • REVISED: Microsoft Windows Security Bulletin Summary for October 2003
    ... Subsequent to the release of the Windows Security Bulletin Summary ... vulnerabilities in Microsoft Windows. ...
    (microsoft.public.security.virus)
  • Microsoft Security Bulletin MS01-057 (version 2.0)
    ... The following is a Security Bulletin from the Microsoft Product Security ... the Outlook Web Access (OWA) server on which the patch is ...
    (Bugtraq)