Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Rene Fehlmann (rene.fehlmannZURICH.COM)
Date: Wed Mar 21 2001 - 01:39:32 CST
I'm kind a confused. Your statement is, that someone who has NT Option Pack
installed is vulnerable to RDS! Isn't it only when you have the MDAC 1.5
component installed on the system!?
<TMorrisPRYDA.COM To: FOCUS-MSSECURITYFOCUS.COM
Sent by: Focus on Subject: Re: MDAC Version vulnerability.
Please respond to
Focus on Microsoft
You are vulnerable, or may be vulnerable if:
1. At any time in the past you had MDAC 2.1 or earlier
2. You have installed any MDAC SDK.
3. You installed the NT4 Option Pack.
4. You installed any 3rd party tool or app that included MDAC.
You are not vulnerable if;
1. You have only ever installed MDAC 2.5 or later.
2. RDS is configured to run in safe mode.
The vulnerability is a configuration issue (in the vein of the usual MS
story of 'default to allow anything'). MS's bulletins tell you how
configure RDS so it requires security (if you need it), how to disable it
altogether (if you don't), and tells you not to install any samples on
production machines (and tells you how to remove them if you already have).
----- Original Message -----
From: "Prins, J.H." <J.H.PrinsTUE.NL>
Sent: Monday, March 19, 2001 7:13 PM
Subject: Re: MDAC Version vulnerability.
> You are right, I mixed up two american organisations. It is indeed the
> together with Microsoft. But the question still stands. Is there anything
> known about versions after 2.1?
> Jan Hugo Prins
> -----Original Message-----
> From: H C [mailto:keydet89yahoo.com]
> Sent: vrijdag 16 maart 2001 22:39
> To: Focus on Microsoft Mailing List
> Cc: J.H.PrinsTUE.NL
> Subject: Re: MDAC Version vulnerability.
> The CIA and Microsoft? Do you have a link to this
> warning? Most of us have already seen the NIPC
> advisory that came out...I'd really be interested in a
> link to the warning from the CIA.
> --- "Prins, J.H." <J.H.PrinsTUE.NL> wrote:
> > Hello,
> > Recently the CIA and Microsoft released a warning
> > about an old MDAC problem.
> > In these papers they are talking about MDAC versions
> > prior or onto version
> > 2.1. Is there anything known about later versions.
> > Especially version 2.5
> > and version 2.6. Do these versions have the same
> > problem if you don't set
> > the HandlerRequired key to 0x1. Or is this only an
> > issue with verion 2.1?
> > Does anyone have any information or about this?
> > Greetings,
> > Jan Hugo Prins.
> > TU/e
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.