que copio y pego a continuacion:
____________________
Vulnerability Name Risk Assessment
MS Vulnerabilities MS04-011 - 014 Corporate User : N/A
Home User : N/A
Vulnerability Information
Discovery Date: 04/13/2004
Origin: Microsoft
Length: N/A
Type: Vulnerability
SubType: Microsoft
Minimum DAT:
Release Date: N/A
Minimum Engine: 4.2.40
Description Added: 04/12/2004
Description Modified: 04/13/2004 10:53 AM (PT)
Description Menu
Vulnerability Characteristics
Symptoms
Method Of Infection
Removal Instructions
Variants / Aliases
Rate This page
Print This Page
Email This Page
Legend
Vulnerability Characteristics:
The following Microsoft vulnerabilities were announced on April 13, 2004.
MS04-011 - Security Update for Microsoft Windows (835732)
For Microsoft's details of this vulnerability please see:
MS04-012 - Cumulative Update for Microsoft RPC/DCOM (828741)
For Microsoft's details of this vulnerability please see:
MS04-013 - Cumulative Security Update for Outlook Express (837009)
For Microsoft's details of this vulnerability please see:
MS04-014 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)
For Microsoft's details of this vulnerability please see:
Top of Page
Symptoms
N/A This description covers multiple Microsoft vulnerabilities that may potentially be exploited.
Top of Page
Method Of Infection
N/A
Top of Page
Removal Instructions
McAfee DAT Files
Generic detection for threats attempting to exploit MS04-013 (837009) is included in the 4351 DAT files as Exploit-MhtRedir.gen. Generic detection for threats attempting to exploit MS04-011 (CAN-2003-0907) is included in the 4351 DAT files as Exploit-HelpInject when running Script and Macro Heuristics.
McAfee Desktop Firewall
To help protect against the MS04-012 vulnerability (CAN-2003-0813, CAN-2004-0116, CAN-2003-0807) users should enforce the following rules:
Block TCP ports 135, 139, 445, 593
Block UDP ports 135, 137, 138, 445
Block all unsolicited inbound traffic on ports greater than 1024
Block any other specifically configured RPC port
Block, if installed, COM Internet Services (CIS) or RPC over HTTP, which listen on ports 80 and 443
To help protect against the MS04-011 vulnerability users should enforce the following rules:
CAN-2003-0533 - block UDP ports 135, 137, 138, 139, 445 and TCP ports 138, 139, 445, 593
CAN-2003-0663 - block LDAP TCP ports 389, 636, 3368, and 3369
CAN-2004-0117 - block TCP 1720, and 1503, both inbound and outbound
CAN-2004-0120 - block ports 443 and 636
McAfee Entercept
Entercept's buffer overflow protection protects against exploits targeting the following vulnerabilities
MS04-012 CAN-2003-0813
MS04-011 CAN-2003-0533
MS04-011 CAN-2003-0719
MS04-011 CAN-2003-0806
MS04-011 CAN-2003-0906
MS04-011 CAN-2004-0117
MS04-011 CAN-2004-0119
MS04-011 CAN-2004-0123
MS04-014
McAfee Intrushield
McAfee IntruShield stops attacks against multiple vulnerabilities disclosed in MS04-011 and MS04-012. The updated signatures are included in 1.5.37 and 1.8.25 signature sets or later, which will be available for download by April 15. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.
Sniffer Technologies
Filters for the MS04-011, and MS04-012 vulnerabilities have been created for Sniffer Distributed, Sniffer Portable and the Netasyst network analyzer to alert network managers to the presence of malicious traffic traveling in the network specific to this vulnerability and potential exploits.
MS04-011 Sniffer Filters.zip
MS04-012 Sniffer Filters.zip
McAfee Security Threatscan
McAfee Threatscan users should update both the server and agent signatures to provide protection for the MS04-011, MS04-012, MS04-013, and MS04-014 vulnerabilities. Ensure that all ThreatScan installations are updated to version (2004-04-13).
Threatscan 2.5 - ftp.nai.com/pub/security/tsc25/updates/winnt
Threatscan 2.0/2.1 - ftp.nai.com/pub/security/tsc20/updates/winnt
____________________
saludos
ms, 14-04-2004