Re: IIS still vulnerable

From: Keith W. McCammon (km_at_km.com)
Date: 12/29/03 

Date: Mon, 29 Dec 2003 11:59:45 -0500

Is the system properly configured? Patching is worthless if you have weak
permissions and easy passwords.

And are you running any third-party software?

"Johnny" <anonymous@discussions.microsoft.com> wrote in message
news:056301c3ce28$91e82630$a001280a@phx.gbl...
> IIS with all the lastest updates/patches and some kid
> executes code on the machine, uploads an FTP daemon then
> and uploads 10gb of movies & games - he usually puts
> everything into iissamples. - its all in German!!!
>
>

Relevant Pages

  • RE: no OWA
    ... have the correct permissions was the "inetpub" folder. ... Correct the settings in IIS: ... click to check the "Hide All Microsoft Services" ...
    (microsoft.public.windows.server.sbs)
  • Re: Minimum NTFS Permissions - Theres such a thing???
    ... ?2001 Microsoft Corporation. ... HOW TO: Set Minimum NTFS Permissions Required for IIS 5.0 to Work WGID:198 ... " List Folder Contents" ...
    (microsoft.public.inetserver.iis.security)
  • Re: FTP control
    ... > I would like to use NTFS security settings to control who ... I would suggest getting a third party FTP server, ... if you set quota and these permissions for that group you can ... Information Server (IIS) Web site, ...
    (microsoft.public.win2000.security)
  • Re: Minimum NTFS Permissions - Theres such a thing???
    ... ?2001 Microsoft Corporation. ... > permissions that you must have to run Internet Information Services ... > third-party applications in an IIS 5.0 environment. ... Open the properties for the %systemroot%\Winnt folder, ...
    (microsoft.public.inetserver.iis.security)
  • Re: Digest Authentication
    ... It sounds like IIS is having problems impersonating the IUSR account, ... In IIS, you do not need Script Source or Write permissions unless you ... But the Digest authentication for windows domain is ...
    (microsoft.public.inetserver.iis)