MS Vulnerabilities MS04-011 - 014

Type: Vulnerability
SubType: Microsoft
Discovery Date: 04/13/2004
Length:
Minimum DAT: N/A ( )
Updated DAT: N/A ( )
Minimum Engine: 5.1.00
Description Added: 04/12/2004
Description Modified: 04/13/2004 10:53 AM (PT)
Risk Assessment (Corporate User): N/A
Risk Assessment (Home User): N/A

Characteristics

The following Microsoft vulnerabilities were announced on April 13, 2004.

MS04-011 - Security Update for Microsoft Windows (835732)
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

MS04-012 - Cumulative Update for Microsoft RPC/DCOM (828741)
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx

MS04-013 - Cumulative Security Update for Outlook Express (837009)
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx

MS04-014 - Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)
For Microsoft's details of this vulnerability please see:
http://www.microsoft.com/technet/security/bulletin/ms04-014.mspx

Symptoms

N/A. This description covers multiple Microsoft vulnerabilities that may potentially be exploited.

Method of Infection

N/A

Removal

McAfee DAT Files
Generic detection for threats attempting to exploit MS04-013 (837009) is included in the 4351 DAT files as Exploit-MhtRedir.gen.  Generic detection for threats attempting to exploit MS04-011 (CAN-2003-0907) is included in the 4351 DAT files as Exploit-HelpInject when running Script and Macro Heuristics.

McAfee Desktop Firewall  
To help protect against the MS04-012 vulnerability (CAN-2003-0813, CAN-2004-0116, CAN-2003-0807) users should enforce the following rules:

  • Block TCP ports 135, 139, 445, 593
  • Block UDP ports 135, 137, 138, 445
  • Block all unsolicited inbound traffic on ports greater than 1024
  • Block any other specifically configured RPC port
  • Block, if installed, COM Internet Services (CIS) or RPC over HTTP, which listen on ports 80 and 443

To help protect against the MS04-011 vulnerability users should enforce the following rules:

  • CAN-2003-0533 - block UDP ports 135, 137, 138, 139, 445 and TCP ports 138, 139, 445, 593
  • CAN-2003-0663 - block LDAP TCP ports 389, 636, 3368, and 3369
  • CAN-2004-0117 - block TCP ports 1720 and 1503, both inbound and outbound
  • CAN-2004-0120 - block ports 443 and 636
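
The port lists above can be checked against what a host actually exposes. The following is an added example, not part of the McAfee advisory: it parses Windows `netstat -an` output and reports which network-reachable listeners fall under each rule. The sample output is constructed, TCP is assumed for CAN-2004-0120 because the advisory names no protocol, and the site-specific rules (other configured RPC ports, CIS or RPC over HTTP) are not modelled.

```python
import re

# Port lists copied from the advisory's Desktop Firewall rules above.
RULES = {
    "MS04-012": {"TCP": {135, 139, 445, 593}, "UDP": {135, 137, 138, 445}},
    "MS04-011 CAN-2003-0533": {"TCP": {138, 139, 445, 593},
                               "UDP": {135, 137, 138, 139, 445}},
    "MS04-011 CAN-2003-0663": {"TCP": {389, 636, 3368, 3369}},
    "MS04-011 CAN-2004-0117": {"TCP": {1720, 1503}},
    # The advisory gives no protocol for CAN-2004-0120; TCP is assumed here.
    "MS04-011 CAN-2004-0120": {"TCP": {443, 636}},
}
HIGH_PORT = "MS04-012 inbound port > 1024"

# Matches data rows of Windows `netstat -an`; UDP rows carry no state column.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

# Constructed sample output, not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1720         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1055      192.168.1.20:80        ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:500            *:*
"""

def audit(netstat_text):
    """Map each advisory rule to the remotely reachable listeners it covers."""
    findings = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header and blank lines
        proto, addr, port, state = m[1], m[2], int(m[3]), m[4]
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only sockets are not reachable from the network
        labels = [k for k, v in RULES.items() if port in v.get(proto, ())]
        if port > 1024:
            labels.append(HIGH_PORT)  # "unsolicited inbound > 1024" rule
        for label in labels:
            findings.setdefault(label, []).append((proto, port))
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for label, socks in sorted(audit(SAMPLE).items()):
        print(label, socks)
```

A listener reported here is only a candidate for a block rule; whether the port is actually reachable still depends on the firewall policy in front of the host.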

McAfee Entercept
Entercept's buffer overflow protection protects against exploits targeting the following vulnerabilities:

  • MS04-012 CAN-2003-0813
  • MS04-011 CAN-2003-0533
  • MS04-011 CAN-2003-0719
  • MS04-011 CAN-2003-0806
  • MS04-011 CAN-2003-0906
  • MS04-011 CAN-2004-0117
  • MS04-011 CAN-2004-0119
  • MS04-011 CAN-2004-0123
  • MS04-014

McAfee IntruShield
McAfee IntruShield stops attacks against multiple vulnerabilities disclosed in MS04-011 and MS04-012. The updated signatures are included in the 1.5.37 and 1.8.25 signature sets or later, which will be available for download by April 15. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action that drops such packets to prevent these attacks.

Sniffer Technologies
Filters for the MS04-011 and MS04-012 vulnerabilities have been created for Sniffer Distributed, Sniffer Portable and the Netasyst network analyzer. They alert network managers to malicious traffic on the network that is specific to these vulnerabilities and their potential exploits.

McAfee Security ThreatScan
McAfee ThreatScan users should update both the server and agent signatures to provide protection for the MS04-011, MS04-012, MS04-013, and MS04-014 vulnerabilities. Ensure that all ThreatScan installations are updated to version (2004-04-13).

Variants

    N/A
