Re: Microsoft Security Bulletin Search
From: Levinson, Karl (Karl.Levinson_at_DHS.GOV)
Date: Mon, 3 May 2004 09:51:03 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
As has always been the case, an administrator must remember to search for
patches for all of the software installed on the machine in question, e.g.
both Windows and IIS, since an IIS server also has Windows and who knows
what else installed on it. It is possible that Microsoft could put a
statement making this more clear.
Note that IIS 6 by default is not vulnerable to the MS04-011 SSL / PCT
vulnerability, unless the administrator manually edits the registry to
re-enable TLS 1.0. The patch is probably still a good idea for Windows
Server 2003, especially since other vulnerabilities are fixed by that patch.
Earn up to 10 credit course hours toward the TruSecure ICSA Practitioner (TICSA) Credential and receive a TICSA exam coupon by attending the Infosecurity Canada 2004 conference. Featured speaker, Marcus J. Ranum, TruSecure inventor of the proxy firewall will present on June 3 at 11:30 AM. Visit <https://ticsa.trusecure.com> for certification details and <http://www.infosecuritycanada.com> for conference information. Become TICSA certified and see what happens!