Re: 2003 Web Server Security Flaw

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 12/29/03


Date: Mon, 29 Dec 2003 10:46:32 -0500


"Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
news:3ff93b57.608328620@msnews.microsoft.com...

> Not exactly. They may exhibit some client exploits, but in the cases
> I've seen you'd have to either browse to a web site or download email
> or a file to exploit any holes. Since you wouldn't normally do any of
> this on your web server, you're sort of safe.

I think you've just come up with a good slogan for the next ad campaign:
"Windows 2003: You're sort of safe." Or, "Windows 2003: Don't browse the
web or check your email." Are we supposed to feel OK that our enterprise
server farm is "sort of safe?"

If these products such as OE are so unsafe, we should also be upset about
them being mandatory and unremovable in workstations as well as server
products, where "just don't check your email or browse the web" or "just use
Group Policy" isn't a very workable option. A truly secure OS would give
you a way to disable unneeded components.

> Also, you can disable file associations with these programs so even
> clicking on a file on a web site won't launch them. Especially
> Netmeeting, where remote desktop is disabled by default anyway.

A software company that is serious about committing to security over marketing
and market share would have done so years ago with these and many
other file associations.


