[Declude.JunkMail] OT: MS Security Bulletin MS04-011: IIS/SSL Exploit Code on the Loose

[Dan Geiser]

Hello, All, I know this is completely off-topic but I highly value the help the readers of the list often to give to me.  Sometimes I feel like the equation is a little overbalanced, i.e. I take more than I give, so I thought I'd send this your way, to save the readers of this list some grief, if possible.   Last week Microsoft released a Security Bulletin MS04-011, http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx, and yesterday they posted news on their web site of some exploit code available on the Internet for that bulletin, http://www.microsoft.com/security/incident/pctdisable.asp.  Yesterday afternoon around 5pm one of our web servers got hit by the exploit.  The reason I knew something was up was when a number of our SSL customers called this morning saying that the SSL portion of their web site was no longer working correctly.    I am completely up to date now and no worse for the wear.  I don't believe any damage was done other than shutting down the SSL functionality of the web server but I consider myself lucky.  If you want to read an assortment of article on the issue there's some good stuff on Google News, http://news.google.com/news?hl=en&edition=us&q=ms04-011.  One of the articles on Tom's Hardware, http://www.tomshardware.com/hardnews/20040421_093943.html, mentions some issues people have been having with the patch for the exploit so I don't want to say diving headlong into patching it is the best idea.  It's what I did BUT I didn't find the Tom's Hardware article until after I had patched it.  From the other stuff I've read it sounds like about 95% of the Win2k computers which apply this patch come up just fine but 5% might have issues.  So if you have a test environement in place you might apply it there first.   Anyway, I just wanted to make sure that you are all aware that there is live exploits going on for this Microsoft security issues released about 10 days ago.   Take Care, Dan Geiser [EMAIL PROTECTED]