Re: 2003 Web Server Security Flaw
From: Jeff Cochran (jcochran.nospam_at_naplesgov.com)
Date: 12/29/03
- Next message: Research Services: "Re: Permanently turn off Integrated Windows Authentication?"
- Previous message: Karl Levinson [x y] mvp: "** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.12.29"
- In reply to: Robert Waite: "Re: 2003 Web Server Security Flaw"
- Next in thread: Karl Levinson [x y] mvp: "Re: 2003 Web Server Security Flaw"
- Reply: Karl Levinson [x y] mvp: "Re: 2003 Web Server Security Flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Dec 2003 14:43:17 GMT
On Mon, 29 Dec 2003 00:50:42 -0500, "Robert Waite"
<bob2dev@tampabay.rr.com> wrote:
>Thanks for reply.
>
>From experience (not all forums are responsive), I posted the same question
>to microsoft.public.windows.server.security and got a long series of
>non-answers, reflexive defenses of Microsoft, and the simple answer buried
>deep in the answer. Please see that long **** if you are curious about the
>philosophy debate.
>
>Long & Short of the responses:
>1. Media Player, Netmeeting and Outlook Express are required installs for
>Web Server and cannot be disabled/uninstalled without breaking OS.
For Outlook Express, a variation on this may work:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q263837
We've removed Netmeeting on XP systems using:
RunDll32 advpack.dll,LaunchINFSection C:\WINNT\inf\msnetmtg.inf,NetMtg.Remove
Haven't ever tried this on Server 2003.
Windows Media Player needs to be patched, but I don't know any way to
completely remove it.
>2. Their exe & dlls cannot be attack points for hackers who exploit the
>on-going parade of buffer-over runs.
Not exactly. They may exhibit some client exploits, but in the cases
I've seen you'd have to either browse to a web site or download email
or a file to exploit any holes. Since you wouldn't normally do any of
this on your web server, you're sort of safe.
Also, you can disable file associations with these programs so even
clicking on a file on a web site won't launch them. Especially
Netmeeting, where remote desktop is disabled by default anyway.
>3. Win 2003 is great [with that I REALLY agree!]
It is, but it's a *server* and you shouldn't be vulnerable to client
attacks as long as you're not using it as a client.
At any rate, there really *should* be a lockdown option or removal
option for these utilities on a server. Unused functions should
always be disabled.
Jeff
>"Bernard" <qbernard@hotmail.com.discuss> wrote in message
>news:Ofg5JobzDHA.2528@TK2MSFTNGP09.phx.gbl...
>> You might want to rephrase you question.
>> and what is the flaw with the web server ?
>>
>> the app you mentioned can be blocked either via
>> permission or gpo restriction I believed.
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://support.microsoft.com/
>> Please respond to newsgroups only ...
>>
>>
>>
>> "Robert Waite" <bob2dev@tampabay.rr.com> wrote in message
>> news:u1EQYzUzDHA.560@TK2MSFTNGP11.phx.gbl...
>> > Media Player, Netmeeting and possibly Outlook Express have no business
>> > being on a Locked-down windows 2003 Web Server used only to host web
>> > sites, yet I can not figure out how to un-install, or at least cripple,
>> > them.
>> >
>> > How do I do that?
>> >
>> > Thanks,
>> > Robert
>> >
>> >
>>
>>
>
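As an added example that is not part of this thread and is not Microsoft's own tooling: a PowerShell audit of the three client apps Jeff and Robert discuss, covering whether their binaries are still on disk and which file associations would launch them from a clicked file, with a dry-run option to strip the "open" verb from those associations. It assumes a current Windows host with PowerShell, the default install paths for the three apps, and an illustrative sample of file extensions; the registry layout HKLM:\SOFTWARE\Classes\<ext> (default = ProgID) and <ProgID>\shell\open\command is standard Windows.

```powershell
# Added example (not from the thread): audit NetMeeting, Outlook Express and
# Windows Media Player remnants on a server and the associations that launch them.
# Assumptions: install paths are the Windows defaults; the extension list is a
# sample, not a complete set of every type these clients register.

$ClientBinaries = @{                       # default install locations (assumed)
    NetMeeting        = "$env:ProgramFiles\NetMeeting\conf.exe"
    'Outlook Express' = "$env:ProgramFiles\Outlook Express\msimn.exe"
    'Media Player'    = "$env:ProgramFiles\Windows Media Player\wmplayer.exe"
}
$ClientExes = 'conf.exe', 'msimn.exe', 'wmplayer.exe', 'mplayer2.exe'
$Extensions = '.cnf', '.eml', '.nws', '.wmv', '.wma', '.asf', '.asx', '.wax'  # sample set

function Test-ClientBinary {
    # Report which client executables are still present on disk.
    foreach ($name in $ClientBinaries.Keys) {
        $p = $ClientBinaries[$name]
        [pscustomobject]@{ App = $name; Path = $p; Present = (Test-Path $p) }
    }
}

function Get-ClientAssociation {
    # Resolve each extension to its ProgID and open command; flag commands that run a client app.
    param([string[]]$Ext = $Extensions)
    foreach ($e in $Ext) {
        $progId = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\$e" -ErrorAction SilentlyContinue).'(default)'
        if (-not $progId) { continue }                     # extension not registered at all
        $cmdKey = "HKLM:\SOFTWARE\Classes\$progId\shell\open\command"
        $cmd    = (Get-ItemProperty $cmdKey -ErrorAction SilentlyContinue).'(default)'
        $hit    = [bool]($ClientExes | Where-Object { $cmd -and $cmd -match [regex]::Escape($_) })
        [pscustomobject]@{ Extension = $e; ProgId = $progId; OpenCommand = $cmd
                           LaunchesClient = $hit; CommandKey = $cmdKey }
    }
}

function Disable-ClientAssociation {
    # Remove the open verb for associations that launch a client app, so a clicked
    # file prompts for an application instead of starting the client. Honors -WhatIf.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($a in (Get-ClientAssociation | Where-Object LaunchesClient)) {
        if ($PSCmdlet.ShouldProcess($a.CommandKey, "Remove open command for $($a.Extension)")) {
            Remove-Item -Path $a.CommandKey -Recurse -Force
        }
    }
}

Test-ClientBinary | Format-Table -AutoSize
Get-ClientAssociation | Format-Table Extension, ProgId, OpenCommand, LaunchesClient -AutoSize
Disable-ClientAssociation -WhatIf   # dry run; drop -WhatIf to apply after review
```

Run it elevated so the HKLM reads succeed; the last line only reports what would be removed until -WhatIf is dropped.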