Patched Yet?

While this isn't a security blog, last week's ASN.1 vulnerability (MS04-007) requires your attention.

Without panic, all Windows NT/2000/XP/2003 systems need this patch. Because of the nature of the vulnerability, systems that accept authenticated connections are especially susceptible. This includes your Exchange Server.

As quoted in this ZDNet article, "TruSecure said business should give highest priority for patching to domain controllers, Exchange servers, Internet Information Servers (IIS) which use certificates and VPN and firewall appliances that accept authenticated connections."

If you haven't patched already, then why not?

William Lefkovics

William Lefkovics on February 15, 2004 at 03:47 AM in News
« Exchange Resource Manager 1.2 Released | Main | Intelligent Message Filter Pricing Announced »

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a00d8345191a569e200e5501fb7ba8833

Listed below are links to weblogs that reference Patched Yet?:

Comments

There is no patch yet for users with XP SP2.
What's interesting though is that if you extract the files from the patch, the _sfx_manifest_ file includes:

[Deltas]

"sp2\update\update.ver" = "_sfx_0000._p", "sp1\update\update.ver"
"common\update.exe" = "_sfx_0001._p", "_sfx_.dll"
"common\spuninst.exe" = "_sfx_0002._p", "common\update.exe"
"sp2\update\KB828028.cat" = "_sfx_0003._p", "common\update.exe"
"sp1\update\KB828028.cat" = "_sfx_0004._p", "sp2\update\KB828028.cat"
"sp1\update\update.inf" = "_sfx_0005._p", "common\update.exe"
"sp2\update\update.inf" = "_sfx_0006._p", "sp1\update\update.inf"
"common\Eula.txt" = "_sfx_0007._p", "common\update.exe"
"common\spmsg.dll" = "_sfx_0008._p", "common\update.exe"
"xpsp1hfm.exe" = "_sfx_0009._p", "common\update.exe"
"common\spcustom.dll" = "_sfx_0010._p", "common\update.exe"
"sp1\msasn1.dll" = "_sfx_0011._p", "common\update.exe"
"sp2\msasn1.dll" = "_sfx_0012._p", "sp1\msasn1.dll"

We have a number of references to SP2 here.

So, when are we going to get a patch for XP SP2?

Posted by: Colin Walker at Feb 15, 2004 1:38:07 PM

Well, I don't have to tell you that sp2 is still beta. What do they say in the beta newsgroups for Windows XP?

Posted by: William Lefkovics at Feb 16, 2004 5:55:06 PM

Despite many testers asking questions there has been no official MS response yet.

Posted by: Colin Walker at Feb 17, 2004 12:36:41 AM