Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011
From: Jonathan Maltz [MS-MVP] (jmaltz_at_mvps.org)
Date: 04/25/04
- Previous message: Karl Levinson [x y] mvp: "Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011"
- In reply to: Karl Levinson [x y] mvp: "Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Apr 2004 15:28:20 -0400
Hi Karl,
Thanks
-- --Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC] http://www.visualwin.com - A Windows Server 2003 visual, step-by-step tutorial site :-) http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find out here Only reply by newsgroup. I do not do technical support via email. Any emails I have not authorized are deleted before I see them. "Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message news:%237I1sOsKEHA.3076@TK2MSFTNGP10.phx.gbl... > The workaround is the same, but you don't need a workaround for Server 2003, > unless you have enabled TLS 1.0 Server 2003 is not vulnerable to this by > default. Both SSL 2.0 and TLS 1.0 must be enabled to be vulnerable. > > > "Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in message > news:eASx0aWKEHA.4032@TK2MSFTNGP10.phx.gbl... > > Is there an article for IIS 6.0? > > > > 04-011 is indicated for Server 2003 as well > > > > -- > > --Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC] > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > tutorial site :-) > > http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find > out > > here > > Only reply by newsgroup. I do not do technical support via email. Any > > emails I have not authorized are deleted before I see them. > > > > > > "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message > > news:%233aEkhPKEHA.3944@tk2msftngp13.phx.gbl... > > > Note: www.microsoft.com/technet/security and www.microsoft.com/security > > are > > > authoritative in all matters concerning Microsoft Security Bulletins! > ANY > > > e-mail, web board or newsgroup posting (including this one) should be > > > verified by visiting these sites for official information. Microsoft > never > > > sends security or other updates as attachments. These updates must be > > > downloaded from the microsoft.com download center or Windows Update. See > > the > > > individual bulletins for details. > > > > > > Because some malicious messages attempt to masquerade as official > > Microsoft > > > security notices, it is recommended that you physically type the URLs > into > > > your web browser and not click on the hyperlinks provided. > > > > > > What is this alert? > > > > > > - Microsoft is aware of code available on the Internet that seeks to > > exploit > > > vulnerabilities addressed as part of our April 13th security updates. We > > are > > > investigating the situation to help protect our customers. > Specifically, > > > the reports detail exploit code that attempts to use the IIS PCT/SSL > > > vulnerability on servers running Internet Information Services with the > > > Secure Socket Layer authentication enabled. This vulnerability is > > addressed > > > by bulletin MS04-011. Customers who have deployed MS04-011 are not at > > risk > > > from this exploit code. > > > > > > - Microsoft considers these reports credible and serious and continues > to > > > urge all customers to immediately install the MS4-011 update as well as > > the > > > other critical updates provided on April 13th. > > > > > > - Customers who are still evaluating and testing MS04-011 should > > immediately > > > implement the workaround steps detailed for the PCT/SSL vulnerability > > > detailed in the MS04-011. In addition, Microsoft has published a > > knowledge > > > base article KB187498 at > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;187498 which > > > provides additional details on SSL and how to disable PCT without > applying > > > MS04-011. > > > > > > - We expect to see additional exploits and proof-of-concept code > targeting > > > the April 2004 security bulletin release in coming days and weeks, > > > potentially including worm or virus examples. > > > > > > If you have any questions regarding the security updates or its > > > implementation after reading the above listed bulletin you should > contact > > > Product Support Services in the United States at 1-866-PCSafety > > > (1-866-727-2338). International customers should contact their local > > > subsidiary. > > > > > > Thank you, > > > Microsoft PSS Security Team > > > > > > -- > > > Regards, > > > > > > Jerry Bryant - MCSE, MCDBA > > > Microsoft IT Communities > > > > > > Get Secure! www.microsoft.com/security > > > > > > > > > This posting is provided "AS IS" with no warranties, and confers no > > rights. > > > > > > > > > > > >
- Previous message: Karl Levinson [x y] mvp: "Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011"
- In reply to: Karl Levinson [x y] mvp: "Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
