OT: Check your Web Servers if using SSL (Critical)

[LANMAN]

Hot off the press:

Multiple Vulnerabilities in Microsoft Products

Synopsis:

Microsoft has released several security bulletins that address security issues affecting modern Windows operating systems. A critical vulnerability has been discovered in the Windows Local Security Authority Subsystem (LSASS). In addition, serious vulnerabilities have been discovered in the Microsoft Abstract Syntax Notation One (ASN.1) library, the Negotiate Security Software Provider (SSP) interface, and the Microsoft RPC runtime library.

Less serious vulnerabilities have been discovered in SSL handshakes, H.323 parsing in Netmeeting, Microsoft LDAP, and the Help and Support Center protocol. This Alert focuses mainly on the LSASS, ASN.1 and SSP vulnerabilities described in Microsoft Security Bulletin MS04-011.

MS04-011 also included information related to a serious vulnerability within SSL.

Patch for MS04-11
Technical Details

Cheers!!

--LANMAN

 

[ericlp]

Ack, who cares.... I have to babysit this crap at work... Every time you turn around M$ comes out with another patch...

I'm getting tired of seeing it. I don't even patch my machine at home just because I have to deal with 3K machines and 20 servers @ work. Matter of fact I don't even have a virus checker on my machine! Come on hackers... Come and get it!!!!

Sigh...

 

[Unforgiven]

thanx for the news lanman, i am updating all my boxes at home and remotely at work if i can! be warned windowsupdate.com is horribly slow and sometimes page cannot be displayed!

 

[n0cmonkey]

They're still around?

 

[LANMAN]

Originally posted by: ericlp
Ack, who cares.... I have to babysit this crap at work... Every time you turn around M$ comes out with another patch...

I'm getting tired of seeing it. I don't even patch my machine at home just because I have to deal with 3K machines and 20 servers @ work. Matter of fact I don't even have a virus checker on my machine! Come on hackers... Come and get it!!!!

Sigh...

Thanks for your opinion. But unforutunately for some of us, we can't ignore every critical patch. If you've read the articles, nothing is said about M$ even patching this one so I hope you don't get your famous 30 seconds on CNN tomorrow morning.

If something does happen to your company and they read your post, you could be personally held liable for not taking action. I strongly suggest you read the laws in your state (if your in the US) on how network administrators can be held accountable for their actions (or the lack of) when given the responsiblity for securing the networks that have been assigned. It's not just loosing your job dude.

They can take everything you own!

If you don't care as much as you say, would you please post what company you work for so I can assure myself that I don't have any personal information on your systems.

--LANMAN

BTW: If your really tuned in for a blow... please let us know if your CISSP certified so we can send in a request to revoke your certificate.

My intentions were only to inform those who care. If this post helps anyone else, great!! Looks like I've helped one person already. Just looking out for my fellow TA members!

 

[Wiz]

that's why I hate IIS & refuse to use it - can't leave it alone in the dark where a server ought to be...

anyway, you guys who run IIS better take care of this, before you get caught with your panties in a bunch













Thanks for the heads-up Lanman!

 

[LANMAN]

Originally posted by: Wiz
that's why I hate IIS & refuse to use it - can't leave it alone in the dark where a server ought to be...

anyway, you guys who run IIS better take care of this, before you get caught with your panties in a bunch













Thanks for the heads-up Lanman!

Your welcome Wiz!!

Now I can go home and get a good night sleep knowing my servers are done too! (And knowing someone here appreciates my extra time posting this thing.)

See you all in the AM for SETI stats!!

--LANMAN

 

[n0cmonkey]

Originally posted by: LANMAN

Originally posted by: Wiz
that's why I hate IIS & refuse to use it - can't leave it alone in the dark where a server ought to be...

anyway, you guys who run IIS better take care of this, before you get caught with your panties in a bunch













Thanks for the heads-up Lanman!

Your welcome Wiz!!

Now I can go home and get a good night sleep knowing my servers are done too! (And knowing someone here appreciates my extra time posting this thing.)

See you all in the AM for SETI stats!!

--LANMAN

I appreciate it. It gives me a good chuckle before the reality of my IDS/firewall logs sets in.

 

[RemyCanad]

Good thing I don't use any windows server.

But I know others that do! Better let them know.

Thanks for the heads up.

 

[Orange Kid]

Thanks for the heads up

This is why I use windows with Apache, a confusing combo for most hacks I hope.

Have updated any who.

 

[ericlp]

Ewww. I hear it all the time. You can be held responsable. Yeah, me and 20 milliion other lazy IT phreaks. Hey you wanna patch my router too? Damn, like I have nothing else to do?


Loose my job!?! GASP!!! Who will back up the servers? Who will do all the maintence on the microwave and radio modems? Who will run all the scada and hydromat stuff? What loose my job? COOL!!! I smell UNEMPLOYMENT!!!!


*looking for a new job*

 

[RaySun2Be]

Loose my job!?! GASP!!! Who will back up the servers? Who will do all the maintence on the microwave and radio modems? Who will run all the scada and hydromat stuff? What loose my job?

How about someone with a green card who has good credentials but is willing to work for 1/2 the pay, or someone who was laid off/downsized/outsourced. There are a bunch of people out there looking. Or how about the company decides to re-locate (outsource) the center to India and save many many $$.

It's happening all around. If you have a job, be thankful, it's not so easy these days to find another one so quick.

And I hate having to patch MS all the time. :| It keeps me from doing other things that help the company's bottom line.

If it weren't for our software having to run on a Windows platform, I swear I'd switch everyone over to Linux. And once we get some PCs donated so I can create a test lab, I'd like to see if our software will run well under WINE.

 

[networkman]

Thanks for the heads-up LANMAN!

While keeping the servers up-to-date isn't one of my responsibilities(yet), I'd be remiss in my duties if I didn't at least send a "Heads-Up!" message to my boss to make sure that HE is aware of the issue, since he's the one who IS responsible.

 

[Shame]

Originally posted by: ericlp
Ewww. I hear it all the time. You can be held responsable. Yeah, me and 20 milliion other lazy IT phreaks. Hey you wanna patch my router too? Damn, like I have nothing else to do? Loose my job!?! GASP!!! Who will back up the servers? Who will do all the maintence on the microwave and radio modems? Who will run all the scada and hydromat stuff? What loose my job? COOL!!! I smell UNEMPLOYMENT!!!! *looking for a new job*

Would ya mind posting those work IPs, oh brave one?

j/k

 

[MoFunk]

Originally posted by: ericlp
Ewww. I hear it all the time. You can be held responsable. Yeah, me and 20 milliion other lazy IT phreaks. Hey you wanna patch my router too? Damn, like I have nothing else to do?


Loose my job!?! GASP!!! Who will back up the servers? Who will do all the maintence on the microwave and radio modems? Who will run all the scada and hydromat stuff? What loose my job? COOL!!! I smell UNEMPLOYMENT!!!!


*looking for a new job*

I think someone is having a bad day.

 

[compudog]

Fortunately I am running Novell on our two servers. My inside intra-net has no connection to the outside world. I am being pressured by our outside software vendors to switch server platforms to MS, but I'm holding the line. I think my company would outsource if we were running MS on the server.

Thanks for the heads-up LANMAN... applying patches at home...