Jump to content
Compatible Support Forums
Sign in to follow this  
clutch

IIS Security Roll Up

Recommended Posts

Just got this newsletter, so I thought I would pass along the whole thing in its entirety:

 

Quote:

IIS Admins,

 

As you know, I don't issue bulletins unless the info deserves your attention.

 

Today, a buffer overflow was announced that exploits ASP.DLL. ASP, to date, has held up under the barrage of assaults brought onto the default application mappings in IIS. This one should drop you into the context of the IWAM account if you are running Out of Process or Pooled which is the default. Many of you don't have the luxury of removing .asp mappings so you are more likely to be vulnerable to this than the .printer or .htr problems of the past.

 

Microsoft has released a new IIS Roll-up hotfix that fixes this plus a few other items.

 

You need to start action immediately to apply this roll-up. There is no news yet as to how this impacts stability of the server. Those of you who have the luxury of quality assuring the roll-up are encouraged to do so. I will issue a follow-up bulletin with news of problems if they start to come in.

 

I expect automated tools to start hitting these vulnerabilities within a week.

 

http://www.microsoft.com/technet/security/bulletin/MS02-018.asp

 

----------------------------------------------------------

Brett Hill

IIS Administration and Security Training http://www.iistraining.com

Share this post


Link to post

Anyone is having any problem with it?

I applied to one IIS5 and it seems to be fine so far. (one day)

Another dude patches his up and now he is having problem connection with his NetWare server.

Don’t ask me why you want IIS to have NetWare client smile

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×