PWS and IIS and W2K Pro
From: Russ (Russ.Cooper@RC.ON.CA)
Date: 08/10/01
Message-ID: <E9A01F52DC939448BBDE44ED2E1C468F167C98@muskie.rc.on.ca>
Date: Fri, 10 Aug 2001 13:23:22 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
Subject: PWS and IIS and W2K Pro
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
There's a common misconception floating around that Windows 2000
Professional cannot be participating in the Code Red issue. This is
flat out wrong!
It's believed that PWS (Personal Web Server) on W2K Professional is
somehow *not* IIS 5.0 (Internet Information Services 5.0). This is
flat out wrong!
Let me try and lay this one to rest. PWS on W2K **IS** IIS 5.0. The
difference between these two "products" is not in the code that they
operate, or the features they support, it's strictly within the
Management Interface.
PWM, or Personal Web Manager, is an executable which provides limited
control over the web server. Internet Services Manager is the
full-blown MMC snap-in which provides all control over the web
server.
Either can be used on a W2K Professional Box which has installed IIS
(or PWS). They can be found on such a box in the following locations:

Personal Web Manager
    %SystemRoot%\system32\inetsrv\pws.exe
Internet Services Manager
    %SystemRoot%\System32\Inetsrv\iis.msc

See:
http://windows.microsoft.com/windows2000/en/professional/iis/htm/core/iiabuti.htm?id=8
or your Windows 2000 Professional documentation for a fuller
explanation.
Neither PWS nor IIS is installed by default on a W2K Professional
**CLEAN INSTALL**. If a Windows NT 4.0 Workstation box with Personal
Web Server installed is upgraded to Windows 2000 Professional, then
by default IIS 5.0 will be installed.
When IIS is on a W2K Professional box, by default, it has .ida and
.idq script mappings in place and IDQ.DLL is there too. So, if they
aren't patched, or the MMC Snap-in isn't used to remove the mappings
(you can't remove the mappings through PWM), then the box can be
infected and will participate in Code Red attacks.
IIS is also installed by default on W2K Professional boxes if you
install Visual Studio's Visual Interdev. It's used to test/create web
applications.
So, please stop trying to put out your internal infections by relying
on your belief in what machines are running web servers. This is
clearly not working for many companies, the root of the problem
partially being mistaken beliefs like the one above. I strongly
suspect that anyone who runs an HTTP scan against their entire
network space (using something like NetCat) is going to find at least
one unexpected web server. More often than not people are finding
hundreds of them.
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
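
The HTTP sweep of your own network space that the message recommends, as an added example that is not part of the original post: it sends one HEAD request to each address, records the `Server` header, and flags responders that are missing from your inventory or that report `Microsoft-IIS/5.0`. The function names, the `192.0.2.0/24` range and the inventory entry are assumptions made for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from ipaddress import ip_network

def parse_server_header(raw):
    """Return Server header text, '' if HTTP replied without one, None if not HTTP."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/"):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return ""

def probe_http(host, port=80, timeout=2.0):
    """Send one HEAD request; None means nothing speaking HTTP answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            data = b""
            while b"\r\n\r\n" not in data and len(data) < 8192:
                chunk = s.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError:  # refused, unreachable or timed out
        return None
    return parse_server_header(data)

def sweep(cidr, inventory, probe=probe_http, workers=64):
    """Probe each address in cidr; return one row per HTTP responder."""
    net = ip_network(cidr, strict=False)
    hosts = [str(h) for h in net.hosts()] or [str(net.network_address)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        banners = list(pool.map(probe, hosts))
    rows = []
    for host, banner in zip(hosts, banners):
        if banner is None:
            continue
        rows.append({"host": host, "server": banner,
                     "unexpected": host not in inventory,  # not a known web server
                     "iis5": "Microsoft-IIS/5.0" in banner})
    return rows

if __name__ == "__main__":
    # 192.0.2.0/24 and the inventory entry are placeholders (assumptions).
    for row in sweep("192.0.2.0/24", inventory={"192.0.2.10"}):
        print(row)
```

A banner match only identifies candidates: patch level and the .ida/.idq script mappings still have to be checked on each host that turns up.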