04-23-04 09:34 AM
I'd like to add something about compensating controls: attack signatures are
available for all major NIDS including Snort; Nessus and other vulnerability
scanners can now detect vulnerable systems. Patch now, and use other tools
to detect and verify.
I will not be surprised if a new internet worm is out tonight.
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
news:#3aEkhPKEHA.3944@tk2msftngp13.phx.gbl...
> Note: www.microsoft.com/technet/security and www.microsoft.com/security are
> authoritative in all matters concerning Microsoft Security Bulletins! ANY
> e-mail, web board or newsgroup posting (including this one) should be
> verified by visiting these sites for official information. Microsoft never
> sends security or other updates as attachments. These updates must be
> downloaded from the microsoft.com download center or Windows Update. See the
> individual bulletins for details.
>
> Because some malicious messages attempt to masquerade as official Microsoft
> security notices, it is recommended that you physically type the URLs into
> your web browser and not click on the hyperlinks provided.
>
> What is this alert?
>
> - Microsoft is aware of code available on the Internet that seeks to exploit
> vulnerabilities addressed as part of our April 13th security updates. We are
> investigating the situation to help protect our customers. Specifically,
> the reports detail exploit code that attempts to use the IIS PCT/SSL
> vulnerability on servers running Internet Information Services with the
> Secure Socket Layer authentication enabled. This vulnerability is addressed
> by bulletin MS04-011. Customers who have deployed MS04-011 are not at risk
> from this exploit code.
>
> - Microsoft considers these reports credible and serious and continues to
> urge all customers to immediately install the MS04-011 update as well as the
> other critical updates provided on April 13th.
>
> - Customers who are still evaluating and testing MS04-011 should immediately
> implement the workaround steps detailed for the PCT/SSL vulnerability
> detailed in the MS04-011. In addition, Microsoft has published a knowledge
> base article KB187498 at
> http://support.microsoft.com/defaul...kb;en-us;187498 which
> provides additional details on SSL and how to disable PCT without applying
> MS04-011.
>
> - We expect to see additional exploits and proof-of-concept code targeting
> the April 2004 security bulletin release in coming days and weeks,
> potentially including worm or virus examples.
>
> If you have any questions regarding the security updates or their
> implementation after reading the above listed bulletin you should contact
> Product Support Services in the United States at 1-866-PCSafety
> (1-866-727-2338). International customers should contact their local
> subsidiary.
>
> Thank you,
> Microsoft PSS Security Team
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>