[Seguridad] New Information on Configuration Changes for Internet Explorer and ADODB.stream

Summary:
=On Friday, July 2, 2004, Microsoft is releasing a configuration
change for Windows XP, Windows 2000, and Windows Server 2003, to
address recent malicious attacks against Internet Explorer, also
know as Download.Ject. More information is available at
www.microsoft.com/presspass.

Windows customers are encouraged to apply this configuration change
immediately to help be protected from current Internet Explorer
exploits. The update is available on Windows Update.


Microsoft's guidance for consumers and enterprises is as follows:

Guidance for Consumers:
=
The configuration change will be delivered automatically for
customers that have enabled automatic updates from Windows
Update. The configuration change can also be obtained by
manually visiting the Windows Update site at
http://windowsupdate.microsoft.com .

Guidance for Enterprise customers:

Enterprise customers are encouraged to review a Knowledge Base
article for guidance on how to deploy the configuration change
across their networks. The Knowledge Base article can be
found at:

http://support.microsoft.com/default.aspx?kbid‡0669

Enterprise customers can also download the configuration
change from Microsoft's download center at:

http://download.microsoft.com

* Customers who have installed Windows XP SP2 RC2 are already
protected from the Download.Ject exploit and do not need the
update.

* This configuration change is a defense in depth measure which
disables an ActiveX control known as adodb.stream. Disallowing
this functionality prevents an attacker from placing malicious
code on a PC hard drive and will prevent the Download.Ject attack.

* Customers can get more information about the Download.Ject attack,
how to be protected and how to get cleaned in the event of
infection at:

http://www.microsoft.com/security/i..._ject.mspx .


Support:
=Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with this update.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common...ional.aspx

Additional Resources:
==* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/se...fault.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/se...wdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************




Saludos,
Enrique Cortés
Microsoft MVP - Windows - IE/OE
ekort@ESTONOVALEhotmail.com

Normas de conducta de los grupos de noticias:
http://support.microsoft.com/defaul...newsreglas
http://www.microsoft.com/communitie...fault.mspx

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho.
This posting is provided "AS IS" with no warranties, and confers no rights.