blogs.msdn.com/brianjo

Brian Johnson's Startup Developer Blog

Exploit Code Related to Security Bulletin MS04-011

Exploit Code Related to Security Bulletin MS04-011

  • Comments 5
If you visit the MSDN Security Developer Center, you'll see a headline dealing with a published exploit we're tracking that takes advantage of an issue from MS04-011. Read the information page for the full scoop, but the bottom line is this: If you're running a Web server, you should patch your machines as soon as possible. If you are still evaluating the patch, you should disable PCT support through the registry as described on the page we're linking to and in KB Article 187498.
Information about code that attempts to exploit PCT in SSL
Microsoft is aware of reports of code available on the Internet that seeks to exploit certain issues addressed in our April 13 security updates. This so-called exploit code affects the Private Communications Transport (PCT) protocol, which is part of the Microsoft Secure Sockets Layer (SSL) library.
Comments
  • That patch hosed a few of the machines that I
    support. The Proc will rail at 100 %. Microsoft
    pretended to be surprised. Beware

  • Tony,

    Check if you are using MS IPSEC Policy Agent (perhaps ipsecw2k.sys conflicting with a 3rd party IPSEC/VPN product) - I've seen this where after patching the PC runs very slowly & CPU maxes out @ 100%

    Good luck !
    Ian
  • Hi,

    After patching our W2k servers( with SP4), we experienced the following:

    1. BMC patrol client was not getting the data
    from the unix servers.

    2. Apache proxy port got blocked.

    3. Remedy software services were not starting.

    4. We have 3 MS exchange servers, which lost
    its communication with each other.

    Beware.

    regards,
    Veera.
  • I work for a major company whos has a series of pc's that will not boot and get stuck on the Windows 2000 is starting up page. Its only a specific model laptop. It's a nightmare and Microsoft takes days to contact and receive support from because they are so backed up. Beware if you pay for a call to Microsoft you are getting poor support from a level 0 tech that can barely help you but atleast he speaks english.
  • Believe you, support you, I believe that you are right! ! ! I will make great efforts to look like your study! ! !
Page 1 of 1 (5 items)