Re: Product Support Services - MALICIOUS ACTIVITY RELATING TO MS04-011

From: Jonathan Maltz [MS-MVP] (jmaltz_at_mvps.org)
Date: 04/25/04

  • Next message: Anton ml. Vahčič: "outlook express and deleted mail"
    Date: Sun, 25 Apr 2004 15:28:20 -0400
    
    

    Hi Karl,

    Thanks

    -- 
    --Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC]
    http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
    tutorial site :-)
    http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004?  Find out
    here
    Only reply by newsgroup.  I do not do technical support via email.  Any
    emails I have not authorized are deleted before I see them.
    "Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
    news:%237I1sOsKEHA.3076@TK2MSFTNGP10.phx.gbl...
    > The workaround is the same, but you don't need a workaround for Server
    2003,
    > unless you have enabled TLS 1.0  Server 2003 is not vulnerable to this by
    > default.  Both SSL 2.0 and TLS 1.0 must be enabled to be vulnerable.
    >
    >
    > "Jonathan Maltz [MS-MVP]" <jmaltz@mvps.org> wrote in message
    > news:eASx0aWKEHA.4032@TK2MSFTNGP10.phx.gbl...
    > > Is there an article for IIS 6.0?
    > >
    > > 04-011 is indicated for Server 2003 as well
    > >
    > > -- 
    > > --Jonathan Maltz [Microsoft MVP - Windows Server, Virtual PC]
    > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
    > > tutorial site :-)
    > > http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004?  Find
    > out
    > > here
    > > Only reply by newsgroup.  I do not do technical support via email.  Any
    > > emails I have not authorized are deleted before I see them.
    > >
    > >
    > > "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
    > > news:%233aEkhPKEHA.3944@tk2msftngp13.phx.gbl...
    > > > Note: www.microsoft.com/technet/security and
    www.microsoft.com/security
    > > are
    > > > authoritative in all matters concerning Microsoft Security Bulletins!
    > ANY
    > > > e-mail, web board or newsgroup posting (including this one) should be
    > > > verified by visiting these sites for official information. Microsoft
    > never
    > > > sends security or other updates as attachments. These updates must be
    > > > downloaded from the microsoft.com download center or Windows Update.
    See
    > > the
    > > > individual bulletins for details.
    > > >
    > > > Because some malicious messages attempt to masquerade as official
    > > Microsoft
    > > > security notices, it is recommended that you physically type the URLs
    > into
    > > > your web browser and not click on the hyperlinks provided.
    > > >
    > > > What is this alert?
    > > >
    > > > - Microsoft is aware of code available on the Internet that seeks to
    > > exploit
    > > > vulnerabilities addressed as part of our April 13th security updates.
    We
    > > are
    > > > investigating the situation to help protect our customers.
    > Specifically,
    > > > the reports detail exploit code that attempts to use the IIS PCT/SSL
    > > > vulnerability on servers running Internet Information Services with
    the
    > > > Secure Socket Layer authentication enabled.  This vulnerability is
    > > addressed
    > > > by bulletin MS04-011.  Customers who have deployed MS04-011 are not at
    > > risk
    > > > from this exploit code.
    > > >
    > > > - Microsoft considers these reports credible and serious and continues
    > to
    > > > urge all customers to immediately install the MS4-011 update as well
    as
    > > the
    > > > other critical updates provided on April 13th.
    > > >
    > > > - Customers who are still evaluating and testing MS04-011 should
    > > immediately
    > > > implement the workaround steps detailed for the PCT/SSL vulnerability
    > > > detailed in the MS04-011.  In addition, Microsoft has published a
    > > knowledge
    > > > base article KB187498 at
    > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;187498  which
    > > > provides additional details on SSL and how to disable PCT without
    > applying
    > > > MS04-011.
    > > >
    > > > - We expect to see additional exploits and proof-of-concept code
    > targeting
    > > > the April 2004 security bulletin release in coming days and weeks,
    > > > potentially including worm or virus examples.
    > > >
    > > > If you have any questions regarding the security updates or its
    > > > implementation after reading the above listed bulletin you should
    > contact
    > > > Product Support Services in the United States at 1-866-PCSafety
    > > > (1-866-727-2338).  International customers should contact their local
    > > > subsidiary.
    > > >
    > > > Thank you,
    > > > Microsoft PSS Security Team
    > > >
    > > > -- 
    > > > Regards,
    > > >
    > > > Jerry Bryant - MCSE, MCDBA
    > > > Microsoft IT Communities
    > > >
    > > > Get Secure! www.microsoft.com/security
    > > >
    > > >
    > > > This posting is provided "AS IS" with no warranties, and confers no
    > > rights.
    > > >
    > > >
    > >
    > >
    >
    >
    

  • Next message: Anton ml. Vahčič: "outlook express and deleted mail"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #171
      ... Better Management for Network Security ... GoodTech Telnet Server Remote Denial Of Service Vulnerabilit... ... ASPApp PortalAPP Remote User Database Access Vulnerability ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #176
      ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows XP HCP URI Handler Arbitrary Command Execu... ... PHPNuke Category Parameter SQL Injection Vulnerability ... Microsoft Baseline Security Analyzer Vulnerability Identific... ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #142
      ... MICROSOFT VULNERABILITY SUMMARY ... Mollensoft Enceladus Server Suite Clear Text Password Storage... ... FakeBO Syslog Format String Vulnerability ... Methodus 3 Web Server File Disclosure Vulnerability ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #242
      ... MICROSOFT VULNERABILITY SUMMARY ... PostNuke Blocks Module Directory Traversal Vulnerability ... Groove Networks Groove Virtual Office COM Object Security By... ... The Microsoft Windows IPV6 TCP/IP stack is prone to a "loopback" condition initiated by sending a TCP packet with the "SYN" flag set and the source address and port spoofed to equal the destination source and port. ...
      (Focus-Microsoft)
    • [NT] Vulnerability in the Microsoft Collaboration Data Objects Allows Remote Code Execution (MS05-04
      ... Get your security news from a reliable source. ... A remote code execution vulnerability exists in Collaboration Data Objects ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ... * Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service ...
      (Securiteam)