Microsoft Security Bulletin Search
From: Richard Buckingham (richard_at_STAMPS.COM)
Date: 04/30/04
- Previous message: Kim, Cameron: "MS04-11, SSL, and ISA Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Apr 2004 16:21:48 -0700 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Russ,
the Microsoft Security Bulletin Search page (
http://www.microsoft.com/technet/security/current.aspx )does not show
the recent bulletin MS04-011 as a required update for IIS, it does
however show up under a search for both Windows 2000 SP4 and Windows
Server 2003.
Seems kind of wrong to me that according to Microsoft's Security
Bulletin Search there are no relevant IIS 5.0 patches for Windows 2000
SP4 web servers, when they are in fact vulnerable to attack via SSL
(specifically due to the PCT Vulnerability.)
I hope others are not relying on this search for peace of mind that they
are not vulnerable when in fact they are. Someone please correct me if I
am wrong but from everything I've read it appears that any IIS5/6 server
running SSL is in fact vulnerable without this patch.
Richard Buckingham
Senior Systems Engineer
Stamps.com Inc.
-----
Earn up to 10 credit course hours toward the TruSecure ICSA Practitioner (TICSA) Credential and receive a TICSA exam coupon by attending the Infosecurity Canada 2004 conference. Featured speaker, Marcus J. Ranum, TruSecure inventor of the proxy firewall will present on June 3 at 11:30 AM. Visit <https://ticsa.trusecure.com> for certification details and <http://www.infosecuritycanada.com> for conference information. Become TICSA certified and see what happens!
-----
- Previous message: Kim, Cameron: "MS04-11, SSL, and ISA Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
