clutch 1 Posted April 10, 2002 Just got this newsletter, so I thought I would pass along the whole thing in its entirety: Quote: IIS Admins, As you know, I don't issue bulletins unless the info deserves your attention. Today, a buffer overflow was announced that exploits ASP.DLL. ASP, to date, has held up under the barrage of assaults brought onto the default application mappings in IIS. This one should drop you into the context of the IWAM account if you are running Out of Process or Pooled which is the default. Many of you don't have the luxury of removing .asp mappings so you are more likely to be vulnerable to this than the .printer or .htr problems of the past. Microsoft has released a new IIS Roll-up hotfix that fixes this plus a few other items. You need to start action immediately to apply this roll-up. There is no news yet as to how this impacts stability of the server. Those of you who have the luxury of quality assuring the roll-up are encouraged to do so. I will issue a follow-up bulletin with news of problems if they start to come in. I expect automated tools to start hitting these vulnerabilities within a week. http://www.microsoft.com/technet/security/bulletin/MS02-018.asp ---------------------------------------------------------- Brett Hill IIS Administration and Security Training http://www.iistraining.com Share this post Link to post
Igor 0 Posted April 11, 2002 Anyone is having any problem with it? I applied to one IIS5 and it seems to be fine so far. (one day) Another dude patches his up and now he is having problem connection with his NetWare server. Don’t ask me why you want IIS to have NetWare client Share this post Link to post
