Re: 2003 Web Server Security Flaw

From: Robert Waite (bob2dev_at_tampabay.rr.com)
Date: 12/30/03


Date: Mon, 29 Dec 2003 19:13:07 -0500

Thanks to Jeff and Karl for useful and thoroughly professional replies!
Robert Waite

"Karl Levinson [x y] mvp" <levinson_k@despammed.com> wrote in message
news:uVQHpKizDHA.2388@TK2MSFTNGP09.phx.gbl...
>
> "Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
> news:3ff93b57.608328620@msnews.microsoft.com...
>
> > Not exactly. They may exhibit some client exploits, but in the cases
> > I've seen you'd have to either browse to a web site or download email
> > or a file to exploit any holes. Since you wouldn't normally do any of
> > this on your web server, you're sort of safe.
>
> I think you've just come up with a good slogan for the next ad campaign:
> "Windows 2003: You're sort of safe." Or, "Windows 2003: Don't browse the
> web or check your email." Are we supposed to feel OK that our enterprise
> server farm is "sort of safe?"
>
> If these products such as OE are so unsafe, we should also be upset about
> them being mandatory and unremovable in workstations as well as server
> products, where "just don't check your email or browse the web" or "just use
> Group Policy" isn't a very workable option. A truly secure OS would give
> you a way to disable unneeded components.
>
>
> > Also, you can disable file associations with these programs so even
> > clicking on a file on a web site won't launch them. Especially
> > Netmeeting, where remote desktop is disabled by default anyway.
>
> A software company that is serious about committing security over marketing
> and market share, they would have done so years ago with these and many
> other file associations.
>
>
>


