QUOTE
Summary:
========
On Friday, July 2, 2004, Microsoft is releasing a configuration
change for Windows XP, Windows 2000, and Windows Server 2003, to
address recent malicious attacks against Internet Explorer, also
know as Download.Ject. More information is available at
www.microsoft.com/presspass.
Windows customers are encouraged to apply this configuration change
immediately to help be protected from current Internet Explorer
exploits. The update is available on Windows Update.
Microsoft's guidance for consumers and enterprises is as follows:
Guidance for Consumers:
=======================
The configuration change will be delivered automatically for
customers that have enabled automatic updates from Windows
Update. The configuration change can also be obtained by
manually visiting the Windows Update site at
http://windowsupdate.microsoft.com .
Guidance for Enterprise customers:
==================================
Enterprise customers are encouraged to review a Knowledge Base
article for guidance on how to deploy the configuration change
across their networks. The Knowledge Base article can be
found at:
http://support.microsoft.com/default.aspx?kbid=870669
Enterprise customers can also download the configuration
change from Microsoft's download center at:
http://download.microsoft.com
* Customers who have installed Windows XP SP2 RC2 are already
protected from the Download.Ject exploit and do not need the
update.
* This configuration change is a defense in depth measure which
disables an ActiveX control known as adodb.stream. Disallowing
this functionality prevents an attacker from placing malicious
code on a PC hard drive and will prevent the Download.Ject attack.
* Customers can get more information about the Download.Ject attack,
how to be protected and how to get cleaned in the event of
infection at:
http://www.microsoft.com/security/incident...nload_ject.mspx .
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with this update.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
========
On Friday, July 2, 2004, Microsoft is releasing a configuration
change for Windows XP, Windows 2000, and Windows Server 2003, to
address recent malicious attacks against Internet Explorer, also
know as Download.Ject. More information is available at
www.microsoft.com/presspass.
Windows customers are encouraged to apply this configuration change
immediately to help be protected from current Internet Explorer
exploits. The update is available on Windows Update.
Microsoft's guidance for consumers and enterprises is as follows:
Guidance for Consumers:
=======================
The configuration change will be delivered automatically for
customers that have enabled automatic updates from Windows
Update. The configuration change can also be obtained by
manually visiting the Windows Update site at
http://windowsupdate.microsoft.com .
Guidance for Enterprise customers:
==================================
Enterprise customers are encouraged to review a Knowledge Base
article for guidance on how to deploy the configuration change
across their networks. The Knowledge Base article can be
found at:
http://support.microsoft.com/default.aspx?kbid=870669
Enterprise customers can also download the configuration
change from Microsoft's download center at:
http://download.microsoft.com
* Customers who have installed Windows XP SP2 RC2 are already
protected from the Download.Ject exploit and do not need the
update.
* This configuration change is a defense in depth measure which
disables an ActiveX control known as adodb.stream. Disallowing
this functionality prevents an attacker from placing malicious
code on a PC hard drive and will prevent the Download.Ject attack.
* Customers can get more information about the Download.Ject attack,
how to be protected and how to get cleaned in the event of
infection at:
http://www.microsoft.com/security/incident...nload_ject.mspx .
Support:
========
Technical support is available from Microsoft Product Support
Services at 1-866-PC SAFETY (1-866-727-2338). There is no
charge for support calls associated with this update.
International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx