From: Rene Fehlmann (rene.fehlmannZURICH.COM)
Date: Wed Mar 21 2001 - 01:39:32 CST


    Hi All,

    I'm kind of confused. Your statement is that someone who has NT Option Pack
    installed is vulnerable to RDS! Isn't it only when you have the MDAC 1.5
    component installed on the system!?

    Cheers,

    René

                                                                                                                       
    From: Trevor Morris <TMorrisPRYDA.COM.AU>
    Sent by: Focus on Microsoft Mailing List <FOCUS-MSSECURITYFOCUS.COM>
    Date: 20.03.01 04:59
    Please respond to: Focus on Microsoft Mailing List
    To: FOCUS-MSSECURITYFOCUS.COM
    cc:
    Subject: Re: MDAC Version vulnerability.

    You are vulnerable, or may be vulnerable, if:
            1. At any time in the past you had MDAC 2.1 or earlier installed.
            2. You have installed any MDAC SDK.
            3. You installed the NT4 Option Pack.
            4. You installed any 3rd party tool or app that included MDAC.

    You are not vulnerable if:
            1. You have only ever installed MDAC 2.5 or later.
            2. RDS is configured to run in safe mode.

    The vulnerability is a configuration issue (in the vein of the usual MS
    story of 'default to allow anything'). MS's bulletins tell you how to
    configure RDS so it requires security (if you need it), how to disable it
    altogether (if you don't), and tell you not to install any samples on
    production machines (and tell you how to remove them if you already have).

    Cheers!
        Trevor Morris.

    ----- Original Message -----
    From: "Prins, J.H." <J.H.PrinsTUE.NL>
    To: <FOCUS-MSSECURITYFOCUS.COM>
    Sent: Monday, March 19, 2001 7:13 PM
    Subject: Re: MDAC Version vulnerability.

    > You are right, I mixed up two American organisations. It is indeed the NIPC
    > together with Microsoft. But the question still stands. Is there anything
    > known about versions after 2.1?
    >
    > Greetings
    > Jan Hugo Prins
    >
    >
    > -----Original Message-----
    > From: H C [mailto:keydet89yahoo.com]
    > Sent: vrijdag 16 maart 2001 22:39
    > To: Focus on Microsoft Mailing List
    > Cc: J.H.PrinsTUE.NL
    > Subject: Re: MDAC Version vulnerability.
    >
    >
    > The CIA and Microsoft? Do you have a link to this
    > warning? Most of us have already seen the NIPC
    > advisory that came out...I'd really be interested in a
    > link to the warning from the CIA.
    >
    > Thanks,
    >
    > K
    >
    > --- "Prins, J.H." <J.H.PrinsTUE.NL> wrote:
    > > Hello,
    > >
    > > Recently the CIA and Microsoft released a warning
    > > about an old MDAC problem.
    > > In these papers they are talking about MDAC versions
    > > prior or onto version
    > > 2.1. Is there anything known about later versions.
    > > Especially version 2.5
    > > and version 2.6. Do these versions have the same
    > > problem if you don't set
    > > the HandlerRequired key to 0x1. Or is this only an
    > > issue with version 2.1?
    > > Does anyone have any information about this?
    > >
    > > Greetings,
    > > Jan Hugo Prins.
    > > TU/e