Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011
From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 04/25/04
- Previous message: Dale Koetke [MSFT]: "Re: MOM Management Pack for Certificate Services"
- In reply to: Jonathan Maltz [MS-MVP]: "Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011"
- Next in thread: Jonathan Maltz [MS-MVP]: "Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011"
- Reply: Jonathan Maltz [MS-MVP]: "Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Apr 2004 08:53:31 -0400
The workaround is the same, but you don't need a workaround for Server 2003,
unless you have enabled TLS 1.0 Server 2003 is not vulnerable to this by
default. Both SSL 2.0 and TLS 1.0 must be enabled to be vulnerable.
"Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in message
news:eASx0aWKEHA.4032@TK2MSFTNGP10.phx.gbl...
> Is there an article for IIS 6.0?
>
> 04-011 is indicated for Server 2003 as well
>
> --
> --Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC]
> http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
> tutorial site :-)
> http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find
out
> here
> Only reply by newsgroup. I do not do technical support via email. Any
> emails I have not authorized are deleted before I see them.
>
>
> "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
> news:%233aEkhPKEHA.3944@tk2msftngp13.phx.gbl...
> > Note: www.microsoft.com/technet/security and www.microsoft.com/security
> are
> > authoritative in all matters concerning Microsoft Security Bulletins!
ANY
> > e-mail, web board or newsgroup posting (including this one) should be
> > verified by visiting these sites for official information. Microsoft
never
> > sends security or other updates as attachments. These updates must be
> > downloaded from the microsoft.com download center or Windows Update. See
> the
> > individual bulletins for details.
> >
> > Because some malicious messages attempt to masquerade as official
> Microsoft
> > security notices, it is recommended that you physically type the URLs
into
> > your web browser and not click on the hyperlinks provided.
> >
> > What is this alert?
> >
> > - Microsoft is aware of code available on the Internet that seeks to
> exploit
> > vulnerabilities addressed as part of our April 13th security updates. We
> are
> > investigating the situation to help protect our customers.
Specifically,
> > the reports detail exploit code that attempts to use the IIS PCT/SSL
> > vulnerability on servers running Internet Information Services with the
> > Secure Socket Layer authentication enabled. This vulnerability is
> addressed
> > by bulletin MS04-011. Customers who have deployed MS04-011 are not at
> risk
> > from this exploit code.
> >
> > - Microsoft considers these reports credible and serious and continues
to
> > urge all customers to immediately install the MS4-011 update as well as
> the
> > other critical updates provided on April 13th.
> >
> > - Customers who are still evaluating and testing MS04-011 should
> immediately
> > implement the workaround steps detailed for the PCT/SSL vulnerability
> > detailed in the MS04-011. In addition, Microsoft has published a
> knowledge
> > base article KB187498 at
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;187498 which
> > provides additional details on SSL and how to disable PCT without
applying
> > MS04-011.
> >
> > - We expect to see additional exploits and proof-of-concept code
targeting
> > the April 2004 security bulletin release in coming days and weeks,
> > potentially including worm or virus examples.
> >
> > If you have any questions regarding the security updates or its
> > implementation after reading the above listed bulletin you should
contact
> > Product Support Services in the United States at 1-866-PCSafety
> > (1-866-727-2338). International customers should contact their local
> > subsidiary.
> >
> > Thank you,
> > Microsoft PSS Security Team
> >
> > --
> > Regards,
> >
> > Jerry Bryant - MCSE, MCDBA
> > Microsoft IT Communities
> >
> > Get Secure! www.microsoft.com/security
> >
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> >
>
>
- Previous message: Dale Koetke [MSFT]: "Re: MOM Management Pack for Certificate Services"
- In reply to: Jonathan Maltz [MS-MVP]: "Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011"
- Next in thread: Jonathan Maltz [MS-MVP]: "Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011"
- Reply: Jonathan Maltz [MS-MVP]: "Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
