Re: Microsoft Security Bulletin Search

From: Levinson, Karl (Karl.Levinson_at_DHS.GOV)
Date: 05/03/04

  • Next message: Marc Maiffret: "Re: New LSASS-based worm finally here (Sasser)"
    Date:         Mon, 3 May 2004 09:51:03 -0400

    As has always been the case, an administrator must remember to search for
    patches for all of the software installed on the machine in question, e.g.
    both Windows and IIS, since an IIS server also has Windows and who knows
    what else installed on it. It is possible that Microsoft could put a
    statement making this more clear.

    Note that IIS 6 by default is not vulnerable to the MS04-011 SSL / PCT
    vulnerability, unless the administrator manually edits the registry to
    re-enable TLS 1.0. The patch is probably still a good idea for Windows
    Server 2003, especially since other vulnerabilities are fixed by that patch.



    Earn up to 10 credit course hours toward the TruSecure ICSA Practitioner (TICSA) Credential and receive a TICSA exam coupon by attending the Infosecurity Canada 2004 conference. Featured speaker, Marcus J. Ranum, TruSecure inventor of the proxy firewall will present on June 3 at 11:30 AM. Visit <> for certification details and <> for conference information. Become TICSA certified and see what happens!

  • Next message: Marc Maiffret: "Re: New LSASS-based worm finally here (Sasser)"