Re: 2003 Web Server Security Flaw
From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 12/29/03
- Next message: Karl Levinson [x y] mvp: "** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.12.29"
- Previous message: Bernard: "Re: Password protection for web pages ???"
- In reply to: Robert Waite: "Re: 2003 Web Server Security Flaw"
- Next in thread: Jeff Cochran: "Re: 2003 Web Server Security Flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Dec 2003 14:30:37 +0800
Ok. I read that thread. Everyone got some points there.
To one point, your question on 'removing' those unecessary program make
sense. as you don't need it at all. However on the attacking point of exe /
dll, if attacker already 'enter' your system via other channel with or
without these program, they still 'got' you. As for the reason why is there
? I'm sure there's some reason behind, but I would love to be able to remove
these program if you really don't need it. finally, your subject do sounds
abit confusing and indicate that there's some flaws with IIS6.0.
-- Regards, Bernard Cheah http://support.microsoft.com/ Please respond to newsgroups only ... "Robert Waite" <bob2dev@tampabay.rr.com> ???? news:OH#Ce9czDHA.1740@TK2MSFTNGP12.phx.gbl... > Thanks for reply. > > From experience (not all forums are responsive), I posted the same question > to microsoft.public.windows.server.security > and got a long series of non-answers, reflexive defenses of Microsoft, and > the simple > answer buried deep in the answer. Please see that long **** if you are > curious about > the philosophy debate. > > Long & Short of the responses: > 1. Media Player, Netmeeting and Outlook Express are required installs for > Web Server > and can not be disabled/uninstalled without breaking OS. > 2. Their exe & dlls can not be attack points for hackers who exploit the > on-going parade > of buffer-over runs. > 3. Win 2003 is great [with that I REALLY agree!] > > > > "Bernard" <qbernard@hotmail.com.discuss> wrote in message > news:Ofg5JobzDHA.2528@TK2MSFTNGP09.phx.gbl... > > You might want to rephrase you question. > > and what is the flaw with the web server ? > > > > the app you mentioned can be blocked either via > > permission or gpo restriction I believed. > > > > -- > > Regards, > > Bernard Cheah > > http://support.microsoft.com/ > > Please respond to newsgroups only ... > > > > > > > > "Robert Waite" <bob2dev@tampabay.rr.com> ???? > > news:u1EQYzUzDHA.560@TK2MSFTNGP11.phx.gbl... > > > Media Player, Netmeeting and possibly Outlook Express have no business > > being > > > on a Locked-down windows 2003 Web Server used only to host web sites, > yet > > I > > > can not figure out how to un-install, or at least cripple, them. > > > > > > How do I do that? > > > > > > Thanks, > > > Robert > > > > > > > > > > > >
- Next message: Karl Levinson [x y] mvp: "** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.12.29"
- Previous message: Bernard: "Re: Password protection for web pages ???"
- In reply to: Robert Waite: "Re: 2003 Web Server Security Flaw"
- Next in thread: Jeff Cochran: "Re: 2003 Web Server Security Flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
