You are not logged in. [Log In] CompatDB.org » Forums » Windows NT4/2000/XP/2003/Vista/2008/Home Server/7 » Software » IIS Security Roll Up
Register User    Forum List        FAQ

IIS Security Roll Up

Just got this newsletter, so I thought I would pass along the whole thing in its entirety: IIS Admins, As you know, I don't issue bulletins unless the info deserves your attention. Today, a buffer overflow was announced that exploits ASP.DL...




Topic Options
#96283 - 04/10/02 10:49 PM IIS Security Roll Up
clutch Offline
Carpal Tunnel

Registered: 03/29/00
Posts: 3859
Just got this newsletter, so I thought I would pass along the whole thing in its entirety:

Quote:

IIS Admins,

As you know, I don't issue bulletins unless the info deserves your attention.

Today, a buffer overflow was announced that exploits ASP.DLL. ASP, to date, has held up under the barrage of assaults brought onto the default application mappings in IIS. This one should drop you into the context of the IWAM account if you are running Out of Process or Pooled which is the default. Many of you don't have the luxury of removing .asp mappings so you are more likely to be vulnerable to this than the .printer or .htr problems of the past.

Microsoft has released a new IIS Roll-up hotfix that fixes this plus a few other items.

You need to start action immediately to apply this roll-up. There is no news yet as to how this impacts stability of the server. Those of you who have the luxury of quality assuring the roll-up are encouraged to do so. I will issue a follow-up bulletin with news of problems if they start to come in.

I expect automated tools to start hitting these vulnerabilities within a week.

http://www.microsoft.com/technet/security/bulletin/MS02-018.asp

----------------------------------------------------------
Brett Hill
IIS Administration and Security Training http://www.iistraining.com

Top
Advertisement
#96361 - 04/11/02 09:30 PM Re: IIS Security Roll Up
Igor Offline
enthusiast

Registered: 07/24/99
Posts: 382
Anyone is having any problem with it?
I applied to one IIS5 and it seems to be fine so far. (one day)
Another dude patches his up and now he is having problem connection with his NetWare server.
Don’t ask me why you want IIS to have NetWare client smile

Top


Forums
Windows Support Forums
Everything New Technology
Legacy OS
Hardware
Software
Games
Networking
Customization & Tweaking
Security

Linux Support Forums
Everything Linux
Linux Hardware
Linux Software
Linux Games
Linux Networking
Linux Customization & Tweaking
Linux Security

Apple Support Forums
Everything Apple
Recent Topics
x86 OS, RAM, & Virtual Machines
by Myke
12/22/09 08:16 PM
Ram Question
by JohnnyAshes
12/21/09 09:50 PM
NEWBIE needs help with REALTEK
by SerryJW
12/21/09 06:09 AM
What version of Linux is this?
by DxxLinux
12/15/09 07:59 PM
Anything like HyperCam?
by Luckycharm8989
12/11/09 02:08 PM
Who's Online
1 Registered (gailerl), 173 Guests and 27 Spiders online.
Key: Admin, Global Mod, Mod
Forum Stats
91403 Members
24 Forums
59279 Topics
189806 Posts

Max Online: 1079 @ 03/12/08 01:36 PM
Privacy statement · Mark all read
NT Compatible · Linux Compatible · Mac OS Compatible · Top

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22