Re: 2003 Web Server Security Flaw

From: Robert Waite (bob2dev_at_tampabay.rr.com)
Date: 12/29/03 

Date: Mon, 29 Dec 2003 00:50:42 -0500

Thanks for reply.

>From experience (not all forums are responsive), I posted the same question
to microsoft.public.windows.server.security
and got a long series of non-answers, reflexive defenses of Microsoft, and
the simple
answer buried deep in the answer. Please see that long **** if you are
curious about
the philosophy debate.

Long & Short of the responses:
1. Media Player, Netmeeting and Outlook Express are required installs for
Web Server
    and can not be disabled/uninstalled without breaking OS.
2. Their exe & dlls can not be attack points for hackers who exploit the
on-going parade
    of buffer-over runs.
3. Win 2003 is great [with that I REALLY agree!]

"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:Ofg5JobzDHA.2528@TK2MSFTNGP09.phx.gbl...
> You might want to rephrase you question.
> and what is the flaw with the web server ?
>
> the app you mentioned can be blocked either via
> permission or gpo restriction I believed.
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
> Please respond to newsgroups only ...
>
>
>
> "Robert Waite" <bob2dev@tampabay.rr.com> ????
> news:u1EQYzUzDHA.560@TK2MSFTNGP11.phx.gbl...
> > Media Player, Netmeeting and possibly Outlook Express have no business
> being
> > on a Locked-down windows 2003 Web Server used only to host web sites,
yet
> I
> > can not figure out how to un-install, or at least cripple, them.
> >
> > How do I do that?
> >
> > Thanks,
> > Robert
> >
> >
>
>

Relevant Pages

  • Re: Updating Outlook Add-Ins Using Application Manifests
    ... This book talks about disconnected Add-In support for ... Using C# with Excel, Word, Outlook, and ... the file share is preferred to the Web Server (see the quote ... > and assemblies are downloaded. ...
    (microsoft.public.vsnet.vstools.office)
  • Re: Rejected Safe Mode action : Microsoft Office Outlook.
    ... Is it supposed to be accessing Outlook data on the Web server? ... Thread account name: TECHSERV2000\Dkandersack ...
    (microsoft.public.office.developer.outlook.vba)
  • Re: 2003 Web Server Security flaw
    ... "Locked-down windows 2003 Web Server used only to host web sites". ... What is your logic/rationale for Media Player being a required install ... The Media Player patch was the ONLY that FAILED. ... > When talking about computer security, there are areas that have no such ...
    (microsoft.public.windows.server.security)
  • Re: Internet Viewing Problem
    ... The first thing that struck me when loading the video is: ... Windows Media Video 9 Professional 1500kbps ... The second is your choice of web server configuration. ... In fact to be playable in media player in a web page, ...
    (microsoft.public.windowsmedia.player)
  • Re: Internet Viewing Problem
    ... The first thing that struck me when loading the video is: ... Windows Media Video 9 Professional 1500kbps ... The second is your choice of web server configuration. ... In fact to be playable in media player in a web page, ...
    (microsoft.public.windowsmedia.player)