lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <003401c42950$9f6e3960$d4f0bb51@vegetabl3.org>
Date: Fri, 23 Apr 2004 17:32:50 +0100
From: "advisories" <advisories@...saire.com>
To: <bugtraq@...urityfocus.com>
Subject: Potential Microsoft PCT worm (MS04-011)



Potential Microsoft PCT worm (MS04-011)

A revised exploit has been released for the PCT flaw in the last 24-hrs by
THC (THCIISSLame.c). For the last few hours we have also been receiving
uncorroborated anecdotal evidence from reliable sources that a working worm
is being trialled on the Internet, in preparation for imminent release. The
primary concern is that this flaw affects unpatched SSL enabled IIS servers,
which could potentially be thousands of hosts.

The official Microsoft patch (MS04-011) is strongly recommended for
immediate application. However, for some organisations, change control and
software dependency testing have meant that there has not been enough time
to test and apply the patch widely. Additionally there have been reports of
some organisations experiencing reliability issues after applying this
patch, and so they have halted the rollout.

As time is of the essence, an alternative to applying the patch is available
by disabling PCT. This option has been tested by Corsaire with the THC
exploit on Microsoft Windows 2000 SP4 IIS only (but we have no reason to
doubt that this approach will work just as well on the alternative MS
platforms).

There is a Microsoft knowledgebase article that describes the full process.
Be sure to follow the instructions to the letter, otherwise there is the
risk that you will still be exposed:
http://support.microsoft.com/default.aspx?scid=kb;en-us;187498


-- Background --

Microsoft Security Bulletin MS04-011 (Microsoft) Microsoft
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx


-- Distribution --

This security advisory may be freely distributed, provided that it
remains unaltered and in its original form.


-- Disclaimer --

The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise. Corsaire
accepts no responsibility for any damage caused by the use or misuse of
this information.


Copyright 2004 Corsaire Limited. All rights reserved.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ