Security...

Microsoft Bulletin MS03-043:
Vulnerability in the Messaging Service

To: RALS-Plus & RALS-G Customers

From: MAS Technology Infrastructure and RALS-Plus Product Line Management

Date: March 2004

This MS patch fixes a vulnerability in the messaging service.

To exploit the hole fixed by this patch, the user must:

  1. Send an email with the malicious HTML code included;  or

  2. Visit a malicious web site that is hosting the code to exploit the hole. 

In a RALS-Plus system configured and operated as intended:  

  • No incoming email is supposed to be received at a RALS-Plus IMS and especially not at a RALS-Plus RCS.

  • No user should be "surfing the Internet" with IE from the RALS-Plus RCS.

The most likely route to exploit this hole would be a user "surfing" to a web site created to exploit this hole from the IMS - however, since the IMS is supposed to be a dedicated workstation for the use of RALS-Plus, using that machine to access web content (with the possible exception of the MAS web page) would not be a normal intended use for that machine.  

MAS has included this security update in the next update release for the RALS-Plus system.

Since this security vulnerability should not be exploitable when using the product as intended, this update was NOT regression tested against older versions of the RALS products currently in service.  However, if you wish to modify your RALS system configuration to provide protection before the next RALS-Plus update is installed that includes this patch, MAS recommends the following approach:

Turning off the messenger service

To turn off the messenger service:

  1. Go to control panel and click on 'Messenger Service'
  2. Set startup type to 'Disabled'
  3. Set service status to 'Stop'
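
The same change can be made and verified from a command prompt, which is easier to repeat and record across several workstations. The script below is an added example, not part of the MAS procedure; it assumes the service's short name is "Messenger" and that sc.exe is available on the workstation.

```batch
@echo off
rem Added example: command-line equivalent of the three steps above.
rem Assumes the service's short name is "Messenger" (Windows 2000/XP) and
rem that sc.exe is available (built in on XP; Resource Kit on Windows 2000).
setlocal

set SVC=Messenger

rem Bail out cleanly if the service is not installed on this machine.
sc query %SVC% >nul 2>&1
if errorlevel 1 (
    echo %SVC% service not found on %COMPUTERNAME%.
    exit /b 2
)

rem Step 2: startup type Disabled. The space after "start=" is required.
sc config %SVC% start= disabled >nul
if errorlevel 1 (
    echo Could not change startup type; run as an administrator.
    exit /b 1
)

rem Step 3: stop the service, but only if it is currently running.
sc query %SVC% | find "RUNNING" >nul
if not errorlevel 1 net stop %SVC% >nul

rem Verify both settings so the result can be recorded.
sc qc %SVC% | find "DISABLED" >nul
if errorlevel 1 (
    echo FAIL: %SVC% startup type is not Disabled.
    exit /b 1
)
sc query %SVC% | find "STOPPED" >nul
if errorlevel 1 (
    echo FAIL: %SVC% is still running.
    exit /b 1
)
echo OK: %SVC% is stopped and disabled on %COMPUTERNAME%.
exit /b 0
```

The script exits with 0 only when the service is both stopped and disabled, so its exit code can be logged per workstation.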

Please contact MAS technical support for assistance: 877-627-7257.


© 2004 Medical Automation Systems, Inc., Charlottesville, VA USA.
All rights reserved.