IIS Security Roll Up
This is a discussion about IIS Security Roll Up in the Windows Software category; Just got this newsletter, so I thought I would pass along the whole thing in its entirety: Quote:IIS Admins, As you know, I don't issue bulletins unless the info deserves your attention. Today, a buffer overflow was announced that exploits ASP.
Just got this newsletter, so I thought I would pass along the whole thing in its entirety:
Quote:IIS Admins,
As you know, I don't issue bulletins unless the info deserves your attention.
Today, a buffer overflow was announced that exploits ASP.DLL. ASP, to date, has held up under the barrage of assaults brought onto the default application mappings in IIS. This one should drop you into the context of the IWAM account if you are running Out of Process or Pooled which is the default. Many of you don't have the luxury of removing .asp mappings so you are more likely to be vulnerable to this than the .printer or .htr problems of the past.
Microsoft has released a new IIS Roll-up hotfix that fixes this plus a few other items.
You need to start action immediately to apply this roll-up. There is no news yet as to how this impacts stability of the server. Those of you who have the luxury of quality assuring the roll-up are encouraged to do so. I will issue a follow-up bulletin with news of problems if they start to come in.
I expect automated tools to start hitting these vulnerabilities within a week.
http://www.microsoft.com/technet/security/bulletin/MS02-018.asp
----------------------------------------------------------
Brett Hill
IIS Administration and Security Training http://www.iistraining.com
Quote:IIS Admins,
As you know, I don't issue bulletins unless the info deserves your attention.
Today, a buffer overflow was announced that exploits ASP.DLL. ASP, to date, has held up under the barrage of assaults brought onto the default application mappings in IIS. This one should drop you into the context of the IWAM account if you are running Out of Process or Pooled which is the default. Many of you don't have the luxury of removing .asp mappings so you are more likely to be vulnerable to this than the .printer or .htr problems of the past.
Microsoft has released a new IIS Roll-up hotfix that fixes this plus a few other items.
You need to start action immediately to apply this roll-up. There is no news yet as to how this impacts stability of the server. Those of you who have the luxury of quality assuring the roll-up are encouraged to do so. I will issue a follow-up bulletin with news of problems if they start to come in.
I expect automated tools to start hitting these vulnerabilities within a week.
http://www.microsoft.com/technet/security/bulletin/MS02-018.asp
----------------------------------------------------------
Brett Hill
IIS Administration and Security Training http://www.iistraining.com
Participate in our website and join the conversation
This subject has been archived. New comments and votes cannot be submitted.
Apr 10
Apr 11
0
2 minutes
Responses to this topic
Anyone is having any problem with it?
I applied to one IIS5 and it seems to be fine so far. (one day)
Another dude patches his up and now he is having problem connection with his NetWare server.
Don’t ask me why you want IIS to have NetWare client
I applied to one IIS5 and it seems to be fine so far. (one day)
Another dude patches his up and now he is having problem connection with his NetWare server.
Don’t ask me why you want IIS to have NetWare client
