G
Gary S. Terhune
FYI. Not sure what to think, but I suspect we may be in for another serious DoS situation, soon.
Please, those who are vulnerable, PATCH IT!
(Note: This issue does *not* affect Win9x users. I post it simply as a public service.)
--
Gary S. Terhune
MS MVP for Windows 9x
+++++++++++++++++++++++++++++++++++++++++++++
The Services and Field Security Support Team is sending this alert you
of a possible change in the threat environment surrounding MS04-007.
Specifically, we are aware that sample exploit code (also known as
"Proof of Concept" code) has been made publicly available for the
vulnerability addressed by MS04-007. This sample code only demonstrates
a denial of service attack, it does not demonstrate remote code
execution. In addition, we are aware of general increased activity
around this vulnerability. We are not currently aware of any published
sample exploit code that demonstrates remote arbitrary code execution.
We are NOT aware of any active attacks against the vulnerability
addressed by MS04-007.
However, the presence of sample exploit code and heightened activity
around this vulnerability does potentially change the threat environment
because the existence of sample code can make it easier for an active
exploit to be developed and released. We are therefore urging customers
to immediately apply the security update to protect themselves from any
possible exploits which may be developed.
Information on Microsoft Security Bulletin MS04-007 and its associated
security update can be found here:
http://www.microsoft.com/technet/security/bulletin/ms04-007.asp
If you have any questions regarding this alert, you should contact
Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary.
Thank you,
The Services and Field Security Support Team
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Please, those who are vulnerable, PATCH IT!
(Note: This issue does *not* affect Win9x users. I post it simply as a public service.)
--
Gary S. Terhune
MS MVP for Windows 9x
+++++++++++++++++++++++++++++++++++++++++++++
The Services and Field Security Support Team is sending this alert you
of a possible change in the threat environment surrounding MS04-007.
Specifically, we are aware that sample exploit code (also known as
"Proof of Concept" code) has been made publicly available for the
vulnerability addressed by MS04-007. This sample code only demonstrates
a denial of service attack, it does not demonstrate remote code
execution. In addition, we are aware of general increased activity
around this vulnerability. We are not currently aware of any published
sample exploit code that demonstrates remote arbitrary code execution.
We are NOT aware of any active attacks against the vulnerability
addressed by MS04-007.
However, the presence of sample exploit code and heightened activity
around this vulnerability does potentially change the threat environment
because the existence of sample code can make it easier for an active
exploit to be developed and released. We are therefore urging customers
to immediately apply the security update to protect themselves from any
possible exploits which may be developed.
Information on Microsoft Security Bulletin MS04-007 and its associated
security update can be found here:
http://www.microsoft.com/technet/security/bulletin/ms04-007.asp
If you have any questions regarding this alert, you should contact
Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary.
Thank you,
The Services and Field Security Support Team
+++++++++++++++++++++++++++++++++++++++++++++++++++++++