[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 79/04 - AusCERT Updates - Microsoft Product Support Services - Update released to address SSL issues/Mydoom/Doomjuice Cleaner Tool Available



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 79/04 dated 16.02.04  Time: 15:30  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

AusCERT Updates:

1.	Microsoft Product Support Services - Update released to address SSL issues.

2.	Microsoft Product Support Services - Mydoom/Doomjuice Cleaner Tool Available 


Detail
====== 

1.	Microsoft has released an update for Internet Explorer 6.0 Service Pack 1 users who 
	experience problems after installing the MS04-004 security update. 

2.	On 13 February 2004, Microsoft released an updated copy of the Mydoom/Doomjuice cleaner 
	tool to Windows Update/Software Update Services (WU/SUS) which, when executed, will scan 
	a system for the presence of Mydoom.A, Mydoom.B, and Doomjuice.A (aka "MyDoom.C"), and 
	automatically remove these worms from the system. This tool was posted to the Download 
	Center on 5 February 2004. It is now being offered as a "Critical Update" and will be 
	offered for download to Windows Update clients.




- -----------------------------------------------------------------------------------
1.

AusCERT Update AU-2004.004 - Microsoft Product Support Services - Update released to address SSL issues 16 February 2004

Microsoft has released an update for Internet Explorer 6.0 Service Pack 1 
users who experience problems after installing the MS04-004 security update. 
This update was originally redistributed as AusCERT ESB-2004.0083:

	http://www.auscert.org.au/3804


This alert is to notify you of the availability of an update to address issues related to SSL in Internet Explorer 6.0 Service Pack 1 after applying Microsoft Security Update MS04-004. Specifically, Microsoft received reports that after installing the MS04-004 security update, some Internet Explorer 6.0 Service Pack 1 users were experiencing errors when attempting to send information to sites that use SSL/TLS. This error will present itself as a HTTP 500 (Internal Server Error) and only occurs when accessing web servers using SSL/TLS 3.0 with a specific configuration.

Microsoft has made an update available that addresses this issue. This update is discussed in Microsoft Knowledge Base article: 831167

http://support.microsoft.com/?kbid=831167

Customers who are using Internet Explorer 6.0 Service Pack 1 who are experiencing this issue should read the Knowledge Base article and download and install the update.

This update will be included in future Cumulative Security Updates for Internet Explorer.

If you have any questions regarding this alert, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338).  International customers should contact their local subsidiary.






- ------------------------------------------------------------------------------------

2.


AusCERT Update AU-2004.005 - Microsoft Product Support Services - Mydoom/Doomjuice Cleaner Tool Available 16 February 2004

Microsoft has released an updated cleaner tool for Mydoom/Doomjuice. This issue was originally covered by AusCERT ESB-2004.0075:

	http://www.auscert.org.au/3795


On 13 February 2004, Microsoft released an updated copy of the Mydoom/Doomjuice cleaner tool to Windows Update/Software Update Services (WU/SUS) which, when executed, will scan a system for the presence of Mydoom.A, Mydoom.B, and Doomjuice.A (aka "MyDoom.C"), and automatically remove these worms from the system. This tool was posted to the Download Center on 5 February 2004. It is now being offered as a "Critical Update" and will be offered for download to Windows Update clients.

The tool is designed to run on Windows 98, Windows ME, Windows Server 2003 in addition to Windows 2000 and 32-bit Windows XP systems. The tool is in US English only but will be offered to all languages because it does not have a user interface. Also, WU/SUS will only offer the tool to machines that are infected with the worms that the tool removes. This tool scans the system when executed: it is not a real-time scanner nor does it perform periodic scans.

Microsoft has published a Knowledge Base article 836528 that details the tool and instructs customers how to use the tool. This Knowledge Base article is available here: http://support.microsoft.com/default.aspx?scid=kb;en-us;836528

If you have any questions regarding the tool or its implementation after reading the above listed Knowledge Base article, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338).  International customers should contact their local subsidiary.

Thank you,
 
PSS Security


Regards,

The AusCERT Team

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@xxxxxxxxxxxxxx
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only. 
===========================================================================


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of AusCERT and Microsoft for the 
information contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQDDq74pao72zK539AQGt9gQArJCHu4uyeICSS7RaHC235z7yTgpWWTQ6
vZTjRV2TA4VRLPc/ZPu6xtobT2SPRKuYCmIwLh08AX0FPaX1O4CgCPX5LYMeFkYu
RDtYIgI1GuSi1Bq5xbWjjJJaPbUVa2RE8xdJ3cTnEV2TzhHoi+flNaD51/ELKzIE
l/Z42ajUvKY=
=5WbF
-----END PGP SIGNATURE-----