Microsoft Security Bulletin Search

From: Richard Buckingham (richard_at_STAMPS.COM)
Date: 04/30/04

  • Next message: Bill Sanderson: "Known issues with MS04-011"
    Date:         Thu, 29 Apr 2004 16:21:48 -0700
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Russ,

     the Microsoft Security Bulletin Search page (
    http://www.microsoft.com/technet/security/current.aspx )does not show
    the recent bulletin MS04-011 as a required update for IIS, it does
    however show up under a search for both Windows 2000 SP4 and Windows
    Server 2003.

    Seems kind of wrong to me that according to Microsoft's Security
    Bulletin Search there are no relevant IIS 5.0 patches for Windows 2000
    SP4 web servers, when they are in fact vulnerable to attack via SSL
    (specifically due to the PCT Vulnerability.)

    I hope others are not relying on this search for peace of mind that they
    are not vulnerable when in fact they are. Someone please correct me if I
    am wrong but from everything I've read it appears that any IIS5/6 server
    running SSL is in fact vulnerable without this patch.

    Richard Buckingham
    Senior Systems Engineer
    Stamps.com Inc.

    http://www.stamps.com

    -----
    Earn up to 10 credit course hours toward the TruSecure ICSA Practitioner (TICSA) Credential and receive a TICSA exam coupon by attending the Infosecurity Canada 2004 conference. Featured speaker, Marcus J. Ranum, TruSecure inventor of the proxy firewall will present on June 3 at 11:30 AM. Visit <https://ticsa.trusecure.com> for certification details and <http://www.infosecuritycanada.com> for conference information. Become TICSA certified and see what happens!
    -----


  • Next message: Bill Sanderson: "Known issues with MS04-011"