  1. #1
    Moderator Mtnjim's Avatar
    Join Date
    Mar 2002
    Location
    SAN DIEGO
    Posts
    2,481
    Rep Power
    8355

    IIS Sites and IE Users Under Attack

    FYI:


    Security Alert, June 25, 2004

    IIS Sites and IE Users Under Attack

    A new form of attack is spreading around the Internet, but to what extent remains unknown at the time of this writing.

    The attack affects unpatched Microsoft IIS systems, which, when compromised, then attack unprotected Microsoft Internet Explorer (IE) systems.

    Malicious users use an overflow condition in IIS to compromise an unpatched system. The vulnerability is related to the Private Communications Transport (PCT) in Microsoft's SSL library.

    Malicious Javascript code is inserted into a Web page, and when unprotected IE users visit the compromised Web page, IE might run the Javascript code on the user's system. The code then injects the system with the attacker's code of choice.

    If possible, administrators should install Microsoft patch MS04-011 to protect IIS. According to iDEFENSE, IE users are being compromised with a combination of two vulnerabilities: One of these vulnerabilities is related to a problem in MIME Encapsulated Aggregate HTML (MHTML), and the other is related to ADO databases (ADODB).

    Microsoft has made the MS04-013 patch available for the MHTML problem, but no patch is yet available for the ADODB vulnerability. IE users should consider disabling active scripting in IE to protect their systems against these attacks.

    http://secadministrator.com/articles...rticleid=43088

    For more details about this vulnerability, as well as links to patches, workarounds, and Intrusion Detection System (IDS) signatures to help detect this attack, be sure to visit our Web site at the provided URL.
    Freedom begins when you tell Mrs. Grundy to go fly a kite.
    --Lazarus Long

  2. #2
    Moderator belgareth's Avatar
    Join Date
    Oct 2002
    Location
    Lower Slovobia
    Posts
    7,961
    Rep Power
    8537


    Just download the patches when they become available and solve the majority of the problems. Either that or start using Opera and Mozilla.

    Microsoft is releasing Windows XP Service Pack 2 on July 23rd. It has lots of nice enhancements and security upgrades. Many of the major flaws in IE security will be fixed with that patch. As soon as it is available, download and install it.

  3. #3
    Moderator Mtnjim's Avatar
    Join Date
    Mar 2002
    Location
    SAN DIEGO
    Posts
    2,481
    Rep Power
    8355


    Quote Originally Posted by belgareth
    Just download the patches when they become available and solve the majority of the problems. Either that or start using Opera and Mozilla.

    Microsoft is releasing Windows XP Service Pack 2 on July 23rd. It has lots of nice enhancements and security upgrades. Many of the major flaws in IE security will be fixed with that patch. As soon as it is available, download and install it.

    That's nice for folks like you and me, but think about how many people don't even think about patches.

    As for SP2, I'll be doing lots of testing. Rumor is it'll "break" lots of things.
    (Never did like XP much, thought of it like "ME". Maybe SP2 will change my mind.)


  4. #4
    Moderator belgareth's Avatar
    Join Date
    Oct 2002
    Location
    Lower Slovobia
    Posts
    7,961
    Rep Power
    8537


    Quote Originally Posted by Mtnjim
    That's nice for folks like you and me, but think about how many people don't even think about patches.

    As for SP2, I'll be doing lots of testing. Rumor is it'll "break" lots of things.
    (Never did like XP much, thought of it like "ME". Maybe SP2 will change my mind.)

    That's why I set up my clients to auto download the updates. It helps them a lot and saves me a few phone calls.

    I have a copy of SP2/RC2. Got it a few days ago from MS. They shipped to people who attended the release seminars. So far, it hasn't broken anything. There are some changes like it turns on the firewall automatically. You need to go back and check shares to make sure they are allowed, minor tweaks like that.

    XP (Full or OEM using NTFS) is a lot more stable than ME but can be a pain in the rear on some things. One of the big problems is people do the upgrade and continue to use FAT32.

  5. #5
    Moderator Mtnjim's Avatar
    Join Date
    Mar 2002
    Location
    SAN DIEGO
    Posts
    2,481
    Rep Power
    8355


    Quote Originally Posted by belgareth
    That's why I set up my clients to auto download the updates. It helps them a lot and saves me a few phone calls.

    I have a copy of SP2/RC2. Got it a few days ago from MS. They shipped to people who attended the release seminars. So far, it hasn't broken anything. There are some changes like it turns on the firewall automatically. You need to go back and check shares to make sure they are allowed, minor tweaks like that.

    XP (Full or OEM using NTFS) is a lot more stable than ME but can be a pain in the rear on some things. One of the big problems is people do the upgrade and continue to use FAT32.

    Auto update is a good thing, the users I deal with don't have administrative rights. We're getting ready to deploy St. Bernard software to push patches.
    I agree, XP is more stable than ME, but I've always found that M$ has done an alternating "OK"/ piece 'o cr@p cycle of OS's and patches (I still remember SP6 for NT)
    Yes I agree NTFS all the way...NFS would be even better!
    Heard that if you have applications that require network access, you have to go into the firewall and open the ports to them.

    Usually, I run the RC/Betas, but the last couple of months have been "interesting" and I haven't had time. Been an "official" M$ beta tester for years!

    Oh well, Microsoft software = Job security!
