Avatar de Usuario
msc hotline sat
Mensajes: 93695
Registrado: 09 Mar 2004, 20:39


Mensaje por msc hotline sat » 14 Abr 2004, 16:23

McAfee nos informa de la publicación hoy de nuevos parches de Microsoft, según indica en su comunicado:

que copio y pego a continuacion:


Vulnerability Name Risk Assessment

MS Vulnerabilities MS04-011 - 014 Corporate User : N/A

Home User : N/A

Vulnerability Information

Discovery Date: 04/13/2004

Origin: Microsoft

Length: N/A

Type: Vulnerability

SubType: Microsoft

Minimum DAT:

Release Date: N/A

Minimum Engine: 4.2.40

Description Added: 04/12/2004

Description Modified: 04/13/2004 10:53 AM (PT)

Description Menu

Vulnerability Characteristics


Method Of Infection

Removal Instructions

Variants / Aliases

Rate This page

Print This Page

Email This Page


Vulnerability Characteristics:

The following Microsoft vulnerabilities were announced on April 13, 2004.

MS04-011 - Security Update for Microsoft Windows (835732)

For Microsoft's details of this vulnerability please see:

MS04-012 - Cumulative Update for Microsoft RPC/DCOM (828741)

For Microsoft's details of this vulnerability please see:

MS04-013 - Cumulative Security Update for Outlook Express (837009)

For Microsoft's details of this vulnerability please see:

MS04-014 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)

For Microsoft's details of this vulnerability please see:

Top of Page


N/A This description covers multiple Microsoft vulnerabilities that may potentially be exploited.

Top of Page

Method Of Infection


Top of Page

Removal Instructions

McAfee DAT Files

Generic detection for threats attempting to exploit MS04-013 (837009) is included in the 4351 DAT files as Exploit-MhtRedir.gen. Generic detection for threats attempting to exploit MS04-011 (CAN-2003-0907) is included in the 4351 DAT files as Exploit-HelpInject when running Script and Macro Heuristics.

McAfee Desktop Firewall

To help protect against the MS04-012 vulnerability (CAN-2003-0813, CAN-2004-0116, CAN-2003-0807) users should enforce the following rules:

Block TCP ports 135, 139, 445, 593

Block UDP ports 135, 137, 138, 445

Block all unsolicited inbound traffic on ports greater than 1024

Block any other specifically configured RPC port

Block, if installed, COM Internet Services (CIS) or RPC over HTTP, which listen on ports 80 and 443

To help protect against the MS04-011 vulnerability users should enforce the following rules:

CAN-2003-0533 - block UDP ports 135, 137, 138, 139, 445 and TCP ports 138, 139, 445, 593

CAN-2003-0663 - block LDAP TCP ports 389, 636, 3368, and 3369

CAN-2004-0117 - block TCP 1720, and 1503, both inbound and outbound

CAN-2004-0120 - block ports 443 and 636

McAfee Entercept

Entercept's buffer overflow protection protects against exploits targeting the following vulnerabilities

MS04-012 CAN-2003-0813

MS04-011 CAN-2003-0533

MS04-011 CAN-2003-0719

MS04-011 CAN-2003-0806

MS04-011 CAN-2003-0906

MS04-011 CAN-2004-0117

MS04-011 CAN-2004-0119

MS04-011 CAN-2004-0123


McAfee Intrushield

McAfee IntruShield stops attacks against multiple vulnerabilities disclosed in MS04-011 and MS04-012. The updated signatures are included in 1.5.37 and 1.8.25 signature sets or later, which will be available for download by April 15. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.

Sniffer Technologies

Filters for the MS04-011, and MS04-012 vulnerabilities have been created for Sniffer Distributed, Sniffer Portable and the Netasyst network analyzer to alert network managers to the presence of malicious traffic traveling in the network specific to this vulnerability and potential exploits.

MS04-011 Sniffer

MS04-012 Sniffer

McAfee Security Threatscan

McAfee Threatscan users should update both the server and agent signatures to provide protection for the MS04-011, MS04-012, MS04-013, and MS04-014 vulnerabilities. Ensure that all ThreatScan installations are updated to version (2004-04-13).

Threatscan 2.5 -

Threatscan 2.0/2.1 -



ms, 14-04-2004


Volver a “ALERTAS VIRICAS y utilidades de eliminacion”