attention faux messages : ne proviennent pas de microsoft ne pasouvrir

"Pascal Constant" <pascal.constant@tiscali.be> wrote in message
news:3f6c8d89$0$24174$ba620e4c@reader0.news.skynet .be...
> Voui quelques uns chez moi aussi... mais maintenant j'ai filtré tout ce
> qui possède les mots "Microsoft" ou "Bulletin" ou "Security" dans la
> ligne du sujet, et hop poubelle directement depuis le serveur de mail
> sans faire le donwload

Je suis abonné aux Security Bulletin de Microsoft et je dois dire que
l'autre jour j'ai été bluffé tellement le mail en HTML possède l'identité
graphique de ce que fait Microsoft actuellement, au point que j'étais au
téléphone et j'ai dis à mon interlocuteur : "Tiens Microsoft fait comme
Symantec ses bulletins en HTML..." bon ca n'a pas duré longtemps, le temps
de voir qu'un EXE était attaché au message et que le truc étais bidon

Sinon pour ceux que ca intéresse voici ci-dessous un vrai bulletin de
sécurité de Microsoft, d'ailleurs je conseille vivement d'appliquer ce
hotfix :

-----BEGIN PGP SIGNED MESSAGE-----

- - -----------------------------------------------------------------
Title: Buffer Overrun In RPCSS Service Could Allow Code
Execution (824146)
Date: September 10, 2003
Software: Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server(r) 4.0
Microsoft Windows NT Server 4.0, Terminal Server
Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-039

Microsoft encourages customers to review the Security Bulletins
at:

http://www.microsoft.com/technet/sec...n/MS03-039.asp
http://www.microsoft.com/security/se...s/MS03-039.asp

- - -----------------------------------------------------------------

Issue:
======

The fix provided by this patch supersedes the one included in
Microsoft Security Bulletin MS03-026.

Remote Procedure Call (RPC) is a protocol used by the Windows
operating system. RPC provides an inter-process communication
mechanism that allows a program running on one computer to
seamlessly access services on another computer. The protocol
itself is derived from the Open Software Foundation (OSF) RPC
protocol, but with the addition of some Microsoft specific
extensions.

There are three identified vulnerabilities in the part of RPCSS
Service that deals with RPC messages for DCOM activation- two
that could allow arbitrary code execution and one that could
result in a denial of service. The flaws result from incorrect
handling of malformed messages. These particular vulnerabilities
affect the Distributed Component Object Model (DCOM) interface
within the RPCSS Service. This interface handles DCOM object
activation requests that are sent from one machine to another.

An attacker who successfully exploited these vulnerabilities
could be able to run code with Local System privileges on an
affected system, or could cause the RPCSS Service to fail. The
attacker could then be able to take any action on the system,
including installing programs, viewing, changing or deleting
data, or creating new accounts with full privileges.

To exploit these vulnerabilities, an attacker could create a
program to send a malformed RPC message to a vulnerable system
targeting the RPCSS Service.

Microsoft has released a tool that can be used to scan a network
for the presence of systems which have not had the MS03-039 patch
installed. More details on this tool are available in Microsoft
Knowledge Base article 827363. This tool supersedes the one
provided in Microsoft Knowledge Base article 826369. If the tool
provided in Microsoft Knowledge Base Article 826369 is used
against a system which has installed the security patch provided
with this bulletin, the superseded tool will incorrectly report
that the system is missing the patch provided in MS03-026.
Microsoft encourages customers to run the latest version of the
tool available in Microsoft Knowledge Base article 827363 to
determine if their systems are patched.


Mitigating Factors:
====================
- Firewall best practices and standard default firewall
configurations can help protect networks from remote attacks
originating outside of the enterprise perimeter. Best practices
recommend blocking all ports that are not actually being used.
For this reason, most systems attached to the Internet should
have a minimal number of the affected ports exposed.

Risk Rating:
============
- Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read
the Security Bulletins at

http://www.microsoft.com/technet/sec...n/MS03-039.asp
http://www.microsoft.com/security/se...s/MS03-039.asp

for information on obtaining this patch.

Acknowledgment:
===============
- eEye Digital Security (http://www.eeye.com/html)
- NSFOCUS Security Team (http://www.nsfocus.com)
- Xue Yong Zhi and Renaud Deraison from Tenable Network Security
(http://www.tenablesecurity.com)

for reporting the buffer overrun vulnerabilities and working with
us to protect customers.
- - -----------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT
ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQEVAwUBP19PE40ZSRQxA/UrAQFL2ggAk84V2SkEsj8r0xW6JoxE9ojVFp8kQLWS
SMYMXP6iEONzJzUGcoX8OLDWG5ncSoJVOSM+84PUCOAFnIZs8e ZV8MiOdjm/j2yO
Fv+0bw6foQbsyvFT9Kcckrj/DJAIEnu5EMwVcU1jlkP1rIj6JXaZdC78jpHson2y
AdxBM8altRg1aKplWYVe5vOV0Ya92KUkbKy0khv9xKgNO/PPbno4AdBzkk5s7hqy
NNnhi+lbdZBubzhQkvG+Wj3bAA/onj7SdTAKXuaLEB61c5gDsznwV+d+tHYbZjdm
3BAhoL+b34yteRa3wJrMxgz6+KJLDpUvEUW9DYU9Mlscl3+d1S tbNw==
=2u0i
-----END PGP SIGNATURE-----


************************************************** *****************

You have received this e-mail bulletin because of your subscription to the
Microsoft Product Security Notification Service. For more information on
this service, please visit
http://www.microsoft.com/technet/security/notify.asp.

To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.

To unsubscribe from the Microsoft Security Notification Service, please
visit the Microsoft Profile Center at
http://register.microsoft.com/regsys/pic.asp

If you do not wish to use Microsoft Passport, you can unsubscribe from the
Microsoft Security Notification Service via email as described below:
Reply to this message with the word UNSUBSCRIBE in the Subject line.

For security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.


--
Cédric
http://www.logbook.ch/
Enlever '.efface' de mon adresse email

Merde, je rentre d'une semaine de vacances, ma bal pleine de messages à la
con et j'ai claqué mon fils pour abus d'Internet pendant mon absence. C'est
pas de sa faute, alors?

ouf je ne suis pas le seul,
comment on arrête cete merde?



"Pascal Constant" <pascal.constant@tiscali.be> a écrit dans le message de
news: 3f6b4b8b$0$31749$ba620e4c@reader1.news.skynet.be.. .
> J'espère que vous avez été chercher le correctif du nouveau "trou" de
> Microsoft... ils ont encore trouvé une petite porte d'ouverte
> Pascal cé
>
>
> "Pascal Coppolani" <pascalcoppolani@wanadoo.fr> wrote in message
> news:bkfgpt$kba$1@news-reader3.wanadoo.fr...
> > Patrick Crasson wrote:
> > > Moi aussi, +- 100 par jour !!!! c'est quoi cette merde, c'est plein
> de virus
> > > et chevaux de troie....
> > > A mon avis à ce rythme internet va s'effondrer dans quelques
> heures.... à
> > > mon avis c'est une attaque du style twin towers sur internet ...
> > >
> > > A+ si internet est toujours là demain ....????
> > >
> > > Pat°°°
> > >
> > 35 en 1 heure ! et ça ne s'arrete pas...
> >
>
>

Ah c'est ton gamin qui balance tous ces mails ?
Pascal cé (qui rote mais pas à cause du petit lait


"charb" <henricharb@wanadoo.fr> wrote in message
news:bkiguh$5vp$2@news-reader5.wanadoo.fr...
> Merde, je rentre d'une semaine de vacances, ma bal pleine de messages
à la
> con et j'ai claqué mon fils pour abus d'Internet pendant mon absence.
C'est
> pas de sa faute, alors?
>
>

Je crois que je vais réinstaller un vieux Windows for WorkGroups, y'a
plus personne qui pense que cela existe
Pascal cé

"Cédric Rathgeb" <cedric.rathgeb.efface@logbook.ch> wrote in message
news:3f6c974f$1@news.deckpoint.ch...
> "Pascal Constant" <pascal.constant@tiscali.be> wrote in message
> news:3f6c8d89$0$24174$ba620e4c@reader0.news.skynet .be...
> > Voui quelques uns chez moi aussi... mais maintenant j'ai filtré tout
ce
> > qui possède les mots "Microsoft" ou "Bulletin" ou "Security" dans la
> > ligne du sujet, et hop poubelle directement depuis le serveur de
mail
> > sans faire le donwload
>
> Je suis abonné aux Security Bulletin de Microsoft et je dois dire que
> l'autre jour j'ai été bluffé tellement le mail en HTML possède
l'identité
> graphique de ce que fait Microsoft actuellement, au point que j'étais
au
> téléphone et j'ai dis à mon interlocuteur : "Tiens Microsoft fait
comme
> Symantec ses bulletins en HTML..." bon ca n'a pas duré longtemps, le
temps
> de voir qu'un EXE était attaché au message et que le truc étais bidon

>
> Sinon pour ceux que ca intéresse voici ci-dessous un vrai bulletin de
> sécurité de Microsoft, d'ailleurs je conseille vivement d'appliquer ce
> hotfix :
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - - -----------------------------------------------------------------
> Title: Buffer Overrun In RPCSS Service Could Allow Code
> Execution (824146)
> Date: September 10, 2003
> Software: Microsoft Windows NT Workstation 4.0
> Microsoft Windows NT Server(r) 4.0
> Microsoft Windows NT Server 4.0, Terminal Server
> Edition
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Server 2003
> Impact: Run code of attacker's choice
> Max Risk: Critical
> Bulletin: MS03-039
>
> Microsoft encourages customers to review the Security Bulletins
> at:
>
> http://www.microsoft.com/technet/sec...n/MS03-039.asp
> http://www.microsoft.com/security/se...s/MS03-039.asp
>
> - - -----------------------------------------------------------------
>
> Issue:
> ======
>
> The fix provided by this patch supersedes the one included in
> Microsoft Security Bulletin MS03-026.
>
> Remote Procedure Call (RPC) is a protocol used by the Windows
> operating system. RPC provides an inter-process communication
> mechanism that allows a program running on one computer to
> seamlessly access services on another computer. The protocol
> itself is derived from the Open Software Foundation (OSF) RPC
> protocol, but with the addition of some Microsoft specific
> extensions.
>
> There are three identified vulnerabilities in the part of RPCSS
> Service that deals with RPC messages for DCOM activation- two
> that could allow arbitrary code execution and one that could
> result in a denial of service. The flaws result from incorrect
> handling of malformed messages. These particular vulnerabilities
> affect the Distributed Component Object Model (DCOM) interface
> within the RPCSS Service. This interface handles DCOM object
> activation requests that are sent from one machine to another.
>
> An attacker who successfully exploited these vulnerabilities
> could be able to run code with Local System privileges on an
> affected system, or could cause the RPCSS Service to fail. The
> attacker could then be able to take any action on the system,
> including installing programs, viewing, changing or deleting
> data, or creating new accounts with full privileges.
>
> To exploit these vulnerabilities, an attacker could create a
> program to send a malformed RPC message to a vulnerable system
> targeting the RPCSS Service.
>
> Microsoft has released a tool that can be used to scan a network
> for the presence of systems which have not had the MS03-039 patch
> installed. More details on this tool are available in Microsoft
> Knowledge Base article 827363. This tool supersedes the one
> provided in Microsoft Knowledge Base article 826369. If the tool
> provided in Microsoft Knowledge Base Article 826369 is used
> against a system which has installed the security patch provided
> with this bulletin, the superseded tool will incorrectly report
> that the system is missing the patch provided in MS03-026.
> Microsoft encourages customers to run the latest version of the
> tool available in Microsoft Knowledge Base article 827363 to
> determine if their systems are patched.
>
>
> Mitigating Factors:
> ====================
> - Firewall best practices and standard default firewall
> configurations can help protect networks from remote attacks
> originating outside of the enterprise perimeter. Best practices
> recommend blocking all ports that are not actually being used.
> For this reason, most systems attached to the Internet should
> have a minimal number of the affected ports exposed.
>
> Risk Rating:
> ============
> - Critical
>
> Patch Availability:
> ===================
> - A patch is available to fix this vulnerability. Please read
> the Security Bulletins at
>
> http://www.microsoft.com/technet/sec...n/MS03-039.asp
> http://www.microsoft.com/security/se...s/MS03-039.asp
>
> for information on obtaining this patch.
>
> Acknowledgment:
> ===============
> - eEye Digital Security (http://www.eeye.com/html)
> - NSFOCUS Security Team (http://www.nsfocus.com)
> - Xue Yong Zhi and Renaud Deraison from Tenable Network Security
> (http://www.tenablesecurity.com)
>
> for reporting the buffer overrun vulnerabilities and working with
> us to protect customers.
> - - -----------------------------------------------------------------
>
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
> DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
> THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
> PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS
> BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
> INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
> DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
> ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT
> ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
> OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.2
>
> iQEVAwUBP19PE40ZSRQxA/UrAQFL2ggAk84V2SkEsj8r0xW6JoxE9ojVFp8kQLWS
> SMYMXP6iEONzJzUGcoX8OLDWG5ncSoJVOSM+84PUCOAFnIZs8e ZV8MiOdjm/j2yO
> Fv+0bw6foQbsyvFT9Kcckrj/DJAIEnu5EMwVcU1jlkP1rIj6JXaZdC78jpHson2y
> AdxBM8altRg1aKplWYVe5vOV0Ya92KUkbKy0khv9xKgNO/PPbno4AdBzkk5s7hqy
> NNnhi+lbdZBubzhQkvG+Wj3bAA/onj7SdTAKXuaLEB61c5gDsznwV+d+tHYbZjdm
> 3BAhoL+b34yteRa3wJrMxgz6+KJLDpUvEUW9DYU9Mlscl3+d1S tbNw==
> =2u0i
> -----END PGP SIGNATURE-----
>
>
> ************************************************** *****************
>
> You have received this e-mail bulletin because of your subscription to
the
> Microsoft Product Security Notification Service. For more information
on
> this service, please visit
> http://www.microsoft.com/technet/security/notify.asp.
>
> To verify the digital signature on this bulletin, please download our
PGP
> key at http://www.microsoft.com/technet/security/notify.asp.
>
> To unsubscribe from the Microsoft Security Notification Service,
please
> visit the Microsoft Profile Center at
> http://register.microsoft.com/regsys/pic.asp
>
> If you do not wish to use Microsoft Passport, you can unsubscribe from
the
> Microsoft Security Notification Service via email as described below:
> Reply to this message with the word UNSUBSCRIBE in the Subject line.
>
> For security-related information about Microsoft products, please
visit the
> Microsoft Security Advisor web site at
http://www.microsoft.com/security.
>
>
> --
> Cédric
> http://www.logbook.ch/
> Enlever '.efface' de mon adresse email
>
>

moi aussi j'ai fait comme toi..... mais l'objet change tous les jours
maintenant.... je dois en etre à 300 ou 400....

"Pascal Constant" <pascal.constant@tiscali.be> a écrit dans le message news:
3f6c8d89$0$24174$ba620e4c@reader0.news.skynet.be.. .
> Voui quelques uns chez moi aussi... mais maintenant j'ai filtré tout ce
> qui possède les mots "Microsoft" ou "Bulletin" ou "Security" dans la
> ligne du sujet, et hop poubelle directement depuis le serveur de mail
> sans faire le donwload
>
> Courage,
> Pascal cé (en java dans ... oups 2 minutes)
>
> "BMPP" <bonsetmauvaisplans@free.fr> wrote in message
> news:3f6c5853$0$20654$626a54ce@news.free.fr...
> >
> > "Pascal Coppolani" <pascalcoppolani@wanadoo.fr> a écrit dans le
> message de
> > news:bkev7o$1aq$3@news-reader5.wanadoo.fr...
> > > > Source : crmu.pif
> > > > Description : La pièce jointe crmu.pif est infecté(e) par le virus
> > Worm.Automat.AHB.
> > > >
> > > > Source : mon NAV 2003. ce matin...
> >
> > Plus de 300 sur l'adresse des BMPP depuis hier
> > Merci MailWasher...
> >
> > Pascal
> >
> >
>
>

"les amis de neptune" <a.neptune@wanadoo.fr> a écrit dans le message de
news:bkk2id$rob$1@news-reader3.wanadoo.fr...
> moi aussi j'ai fait comme toi..... mais l'objet change tous les jours
> maintenant.... je dois en etre à 300 ou 400....

Bienvenue au club....

Il s'appellerait pas SWEN par hasard, ton gamin, Henri ?


PS: vous avez tous remarqué que SWEN est un anagramme de NEWS, donc
moi, je planque temporairement mon adresse email par précaution, en
attendant que le tir se calme.

philippe stroppa
merde@swen.fr


On Sat, 20 Sep 2003 23:30:51 +0200, "charb" <henricharb@wanadoo.fr>
wrote:

>Merde, je rentre d'une semaine de vacances, ma bal pleine de messages à la
>con et j'ai claqué mon fils pour abus d'Internet pendant mon absence. C'est
>pas de sa faute, alors?
>

cela n'arrête pas, ou est la bonne solution, tous les jours, 10,20,30
courriers m'arrivent avec ce virus et je n'arrive pas a programmer outloock
express pour les détruire au départ.
si vous avez une solution "Merci"
Beb
"grinszju" <grinszju@noos.fr> a écrit dans le message news:
2003919-19810-770529@foorum.com...
>
> bonjour,
>
> moi j'en reçois une dizaine toutes les 30 minutes...
>
> je les filtre avec "mailwasher" avant de les recevoir sur mon mail...
> à mon avis c'est un virus trés efficace (je pense qu'il y pas mal de
personnes
> qui doivent essayer d'installer le patch qui est en pièce jointes...)
>
> a+,
> julien
> --
> Ce message a été posté via la plateforme Web club-Internet.fr
> This message has been posted by the Web platform club-Internet.fr
>
> http://forums.club-internet.fr/

"Bernard Wyart" <wyber@club-internet.fr> wrote in message
news:3f6ef893$0$20944$7a628cd7@news.club-internet.fr...
> cela n'arrête pas, ou est la bonne solution, tous les jours, 10,20,30
> courriers m'arrivent avec ce virus et je n'arrive pas a programmer
outloock
> express pour les détruire au départ.
> si vous avez une solution "Merci"

Les libellés ne sont peut-être pas exact (j'ai une version anglaise)

Menu Outils -> Règle de messagerie -> Courrier -> Bouton Nouveau -> Coche
"Ou l'expéditeur contient" -> Clicker sur le lien et saisir "Microsoft" ->
Choche "Effacer du serveur". Les messages dont l'expéditeur est "Microsoft"
devraient être effacés directement du serveur.

--
Cédric
http://www.logbook.ch/
Enlever '.efface' de mon adresse email