Re: << Small Biz Server news the week of May 2, 2004>>

From: Jack Ping (jack)
Date: 05/03/04


Date: Mon, 03 May 2004 00:34:25 -0700

Hi Susan,

After I patched MS04-011, my 443 port is still open under www.grc.com
test. Do you know by any chance where the problem is?

Thanks a lot
Jack

On Sun, 02 May 2004 23:13:17 -0700, "Susan Bradley, CPA aka Ebitz SBS
Rocks [MVP] " <sbradcpa@pacbell.net> wrote:

>Here I am at the AICPA Tech conf in Las Vegas at the Venetian hotel.
>
>News this week... I'm passing along an email from the MS listserve....
>
>If you have port 443 open on your SBS 2k system ... watch out as we're
>seeing exploits.
>
>How do I know if port 443 is open?
>
>Go to https://grc.com/x/ne.dll?bh0bkyd2 and click on proceed, then on
>"common ports". If port 443 is closed or stealth, you are in good
>shape. If you have open port 443, then you need to patch NOW.
>------------------
>
>Hello all~
>
>With Brett’s permission, I wanted to take a brief moment to reach as
>many IIS 5.0 administrators as possible to warn them against not having
>the MS04-011 fix. Microsoft is currently seeing an increase in
>customers who are being hit by the exploits released within the past two
>weeks which creates a Denial of Service (DoS) against servers who are
>using SSL. It is important to note that this exploit does not impact
>your servers which are ONLY using HTTP (non-secure).
>
>With that said, I would like to personally ask all IIS administrators to
>take the time to test and install MS04-011. The critical update is
>located here:
>
>MS04-011 Information:
>http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
>
>Critical Update:
>http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en
>
>Considerations:
>
>If you are using SSL on your IIS 5.0 servers and have not patched your
>systems you will be vulnerable to the DoS against exploits. The
>symptoms are easily recognized by the following in your System event viewer:
>
>Source: LsaSrv
>
>Event ID: 5000
>
>Description: The security package Microsoft Unified Security Protocol
>Package generated an exception. The package is now disabled. The
>exception information is the data.
>
>The method to correct this problem is the following:
>
> a). Rebooting the server will recycle the SSL components and allow
>your site to resume service (but unpatched)
>
> b). Install MS04-011 which mitigates the exploit
>
>Current Investigations:
>
>Microsoft is currently investigating problems related to installations
>of IIS 5.0 and SSL with Client Certificates.
>
>In short, IIS 5.0 installations which use large Certificate Revocation
>Lists (CRL) might lead to client certificates failing. However, it is
>still recommended that you install the hotfix if at all possible to
>avoid not having important fixes above and beyond the SSL fix.
>
>Situations where Microsoft has seen Client Certificates fail:
>
> a). Certificate Trust List’s failures – Resolve this by disabling
>use of CTL’s
>(http://support.microsoft.com/default.aspx?scid=kb;en-us;216485)
>
> b). CA’s are getting restricted to no longer accept Client Certs –
>No Documentation, but using the Certificates Snap-In and editing the
>Usage can mitigate - contact me if you need more details.
>
> c). CRL lookup problems: Occurs with large CRL files. Disable CRL
>Checking on your IIS 5.0 Server
>(http://support.microsoft.com/default.aspx?scid=kb;en-us;295070)
>
>At this time, we have not currently released an update that addresses all
>of the issues which are listed in this mail. There are also other
>random issues which we have not confirmed as being related to MS04-011
>but lack confirmation. It is suggested that you monitor the Technet
>security center at www.microsoft.com/technet/security to watch for
>updates to resolve these problems.
>
>In conclusion, most IIS installations will not be affected by the few
>considerations listed in this email. This is the reason we are
>requesting that all customers test and install MS04-011 on their Windows
>2000 SP 2, 3, or 4 machines.
>
>Thanks in advance for your time,
>
>~Chris Adams
>
>Web Platform Supportability Lead
>
>IIS: www.microsoft.com/iis
>------------------------
>Two Arrested in First Test of Anti-Spam Law
>Federal authorities said Thursday that they had
>arrested two e-mail marketers and were searching
>for two others in the government's first use of
>a new law designed to crack down on "spam" e-mail.
>A raid was conducted on a Detroit-area operation
>accused of sending out millions of e-mail
>advertisements for a fraudulent weight-loss
>patch, the Federal Trade Commission said.
>http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8543317.htm
>http://www.latimes.com/technology/la-fi-spam30apr30,1,5104872.story
>http://www.newsfactor.com/story.xhtml?story_title=Can_Spam_Law_Meets_Its_First_Test&story_id=23901
>http://www.cnn.com/2004/LAW/04/29/internet.spam.ap/index.html
>http://www.vnunet.com/News/1154843
>
>Survey: Spam will beat Bill Gates
>http://zdnet.com.com/2100-1105_2-5202203.html
>Spam Report Card: 2004
>http://zdnet.com.com/2100-1105_2-5202236.html
>- - - - - - - - - -
>Alarm growing over bot software
>While many network administrators worry about
>the next worm, security experts are warning that
>a quieter but equally damaging threat is slowly
>gaining control of large networks of computers.
>Known as bot software, the remote attack tools
>can seek out and place themselves on vulnerable
>computers, then run silently in the background,
>letting an attacker send commands to the system
>while its owner works away, oblivious. The latest
>versions of the software created by the security
>underground let attackers control compromised
>computers through chat servers and peer-to-peer
>networks, command the software to attack other
>computers and steal information from infected
>systems.
>http://zdnet.com.com/2100-1105_2-5202236.html
>
>House probes spyware
>http://www.cnn.com/2004/TECH/internet/04/30/spyware.ap/index.html
>http://www.usatoday.com/tech/news/techpolicy/2004-04-30-spyware_x.htm
>- - - - - - - - - -
>Nasty Malware Fouls PCs With Porn
>Last Sunday, Maria DelGiorno gave up. She unplugged
>her laptop PC and carefully placed it underneath
>a statue of the Virgin Mary. "It was the only thing
>I could think of doing," said the 67-year-old
>great-grandmother. "The computer was filled with
>filthy things. It was embarrassing. My grandchildren
>kept asking me why I was looking at so much
>pornography."
>http://www.wired.com/news/infostructure/0,1377,63280,00.html
>- - - - - - - - - -
>Experts warn of Bluetooth security hole
>Thieves have acquired new weapons to exploit
>Bluetooth-enabled phones and computers to steal
>valuable data, experts warn. Though Bluetooth
>integrates certain security measures, security
>expert Adam Laurie has shown reporters at the
>BBC how he can 'bluesnarf' into other Bluetooth-
>enabled devices without permission using some
>software and a Bluetooth-capable computer.
>http://www.macworld.co.uk/news/main_news.cfm?NewsID=8568
>- - - - - - - - - -
>Lawmakers vow to pass new law against spyware
>U.S. lawmakers vowed today to pass legislation
>to stop deceptive software even though regulators
>advised against any new laws. Both Republicans
>and Democrats on the House Energy and Commerce
>Committee said new laws were needed to stop the
>proliferation of so-called spyware, which hides
>in users' computers and secretly monitors their
>activities.
>http://computerworld.com/governmenttopics/government/legislation/story/0,10801,92762,00.html
>http://news.com.com/2100-1023_3-5202016.html
>http://msnbc.msn.com/id/4865172/
>
>FTC officials blast spyware measures
>Two Federal Trade Commission officials ignited
>a political firestorm on Thursday by criticizing
>proposed laws targeting spyware and suggesting
>that the measures might harm legitimate software
>products, too. During an appearance before a
>House of Representatives panel, FTC Commissioner
>Mozelle Thompson said the measures were the
>wrong approach to spyware and adware. "I do not
>believe legislation is the answer at this time,"
>he said. "Instead, we should give industry the
>time to respond...Self-regulation combined with
>enforcement of existing laws might be the best
>way to go."
>http://zdnet.com.com/2100-1104_2-5202016.html
>- - - - - - - - - -
>Hidden 'backdoors' worry security firms
>The recent spate of Netsky and Bagle worms is
>not just a problem now: it may compromise thousands
>of PCs for the foreseeable future, say security
>experts. Software "back doors" that can give hackers
>full control over an infected PC are becoming more
>difficult to detect because of the sheer number of
>viruses and worms that can now distribute this type
>of malware, say security experts.
>http://news.zdnet.co.uk/internet/security/0,39020375,39153343,00.htm
>- - - - - - - - - -
>Microsoft SSL patch creating SSLowdowns
>Microsoft Corp. said yesterday that a recently
>released software patch for its Windows operating
>system is causing some Windows 2000 machines to
>stop responding after it is installed. Some systems
>that use security update MS04-011 stop responding
>when they start up, prevent users from logging onto
>Windows or bog down, Microsoft said in an article
>in its Knowledge Base online help database.
>http://computerworld.com/securitytopics/security/story/0,10801,92757,00.html
>- - - - - - - - - -
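
The symptom given in Chris Adams's mail quoted above (Source LsaSrv, Event ID 5000, naming the Microsoft Unified Security Protocol Package) as a triage script; this is an added example, not part of the original thread. It reads a System log exported to CSV and reports which hosts had the SSL package disabled and whether that happened again after a reboot, which the mail says restores service but leaves the server unpatched. The CSV column names, the host names and the use of EventLog event 6005 as a boot marker are assumptions.

```python
import csv
import io

# Constructed sample: System event log rows exported to CSV (hosts and times invented).
SAMPLE_EXPORT = """\
time,host,source,event_id,description
2004-04-29 02:14:07,WEB01,LsaSrv,5000,The security package Microsoft Unified Security Protocol Package generated an exception. The package is now disabled.
2004-04-29 08:30:11,WEB01,EventLog,6005,The Event log service was started.
2004-04-30 03:41:52,WEB01,LsaSrv,5000,The security package Microsoft Unified Security Protocol Package generated an exception. The package is now disabled.
2004-04-29 09:00:00,WEB02,EventLog,6005,The Event log service was started.
2004-04-30 11:05:40,WEB03,LsaSrv,5000,The security package Kerberos generated an exception. The package is now disabled.
"""

PACKAGE = "Microsoft Unified Security Protocol Package"


def triage(export_text):
    """Map each host that logged the LsaSrv 5000 symptom to its current state."""
    # ISO-style timestamps sort correctly as plain strings.
    rows = sorted(csv.DictReader(io.StringIO(export_text)), key=lambda r: r["time"])
    hosts = {}
    for r in rows:
        src, eid = r["source"], int(r["event_id"])
        if src == "LsaSrv" and eid == 5000 and PACKAGE in r["description"]:
            h = hosts.setdefault(r["host"], {"crashes": 0, "ssl_down": False,
                                             "recurred_after_reboot": False})
            if h["crashes"] and not h["ssl_down"]:
                # Hit again after a restart: the reboot did not remove the exposure.
                h["recurred_after_reboot"] = True
            h["crashes"] += 1
            h["ssl_down"] = True  # the package stays disabled until the next boot
        elif src == "EventLog" and eid == 6005 and r["host"] in hosts:
            # Assumption: 6005 (event log service started) marks a boot.
            hosts[r["host"]]["ssl_down"] = False
    return hosts


if __name__ == "__main__":
    for host, state in triage(SAMPLE_EXPORT).items():
        print(host, state)
```

A host reported with `recurred_after_reboot` set has only been through option a) of the mail and still needs MS04-011 installed.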


