Microsoft Statement Regarding Configuration Change to Windows in Response to Download.Ject Security Issue

REDMOND, Wash., July 2, 2004 (Updated 10:30 a.m. PDT) — On Thursday, June 24, 2004, Microsoft responded to reports that some customers running IIS 5.0 (Internet Information Services), a component of Windows 2000 Server, were being targeted by malicious code, known as “Download.Ject.” Internet service providers and law enforcement, working together with Microsoft, identified the origination point of the attack — a Web server located in Russia — and shut it down on Thursday, June 24, 2004. (Additional information about Download.Ject is available at http://www.microsoft.com/security/incident/download_ject.mspx .)

The security of our customers computers and networks is a top priority for Microsoft, and we have been working around-the-clock to further address the criminal malware targeting Internet Explorer users. On Friday, July 2, 2004, Microsoft released a configuration change to the Windows XP, Windows Server 2003, and Windows 2000 operating systems that improves system resiliency to protect against the Download.Ject attack. We recommend that customers immediately install this configuration change through Windows Update ( http://windowsupdate.microsoft.com) .

In addition to this configuration change, which will protect customers against the immediate reported threats, Microsoft is working to provide a series of security updates to Internet Explorer in coming weeks that will provide additional protections for our customers.

Later this summer, Microsoft will release Windows XP Service Pack 2, which includes the most up-to-date network, Web browsing and e-mail features designed to help protect against malicious attacks and reduce unwanted content and downloads. A comprehensive update for all supported versions of Internet Explorer will be released once it has been thoroughly tested and found to be effective across a wide variety of supported versions and configurations of Internet Explorer.

Microsoft continues to recommend that all customers visit http://www.microsoft.com/protect to take the three key steps to protect their PCs. The three key steps are:

  • Use an Internet Firewall on all PCs and Laptops: An Internet firewall can help prevent outsiders from getting to your computer through the Internet. If you use Microsoft Windows XP, enable the built-in firewall.

  • Update Your Computer: Windows includes the automatic updates feature (Windows Update) which can automatically download the latest Microsoft security updates. Windows 98 SE and Windows ME can be updated from http://windowsupdate.microsoft.com .

  • Use Up-to-Date Antivirus Software: Installing, configuring and maintaining antivirus protection is absolutely essential.

We are continuing to work with law enforcement and industry partners to identify the individuals or entities responsible for Download.Ject Internet attack, and bring those responsible for this criminal act to justice. Customers who believe they may have been attacked should contact their local FBI or Secret Service office or post their complaint at http://www.ifccfbi.gov . Customers outside of the U.S. should contact their national law enforcement agency in their country.

Note to editors : If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp .

Related Posts