Re: Critical Updates

From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 07/29/04

Next message: Bernard: "Re: IIS Restart API"
Previous message: Bernard: "Re: Security checking software"
In reply to: avildasfriend: "Critical Updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 29 Jul 2004 12:28:20 +0800

I believe those changes are applied by IISLockDown / Urlscan.
If such write access is needed, it's fine to remove it. just
ensure only that folder or files able to write by your application.
not entire disk or volume.

-- 
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"avildasfriend" <anonymous@discussions.microsoft.com> wrote in message
news:618a01c474f7$90a4cc80$a401280a@phx.gbl...
> On a windows 2000 server, I used the web to download and
> install five critical security updates.  KB839645-
> Vulnerability in Windows Shell could allow remote code
> execution, KB840315-Vulnerability in html help could allow
> code execution,KB841873-Vulnerability in Task Scheduler
> could allow code execution, KB841872-Vulnerability in
> POSIX could allow code execution, and KB842526-
> Vulnerability in Utility Manager could allow code
> execution.  Concurrent with these updates, Users were
> unable to log into our internal web pages, or edit public
> or internal pages. Security Properties for the directory
> in question included Web Anonymous User, which only had
> deny "write" checked.  (I do not know the
> users/permissions originally set for this directory) Once
> I removed the deny write, the sites/pages were functional
> again.  My question is: Is there anything in the updates
> that made any changes to anonymous user or ADDED anonymous
> user to webroot?  I read the bulletins and don't see any
> reference but who knows.  Blame must be placed.  If not
> the updates, I have to figure out who oops'd (without
> authority).
> Thank You
>

Next message: Bernard: "Re: IIS Restart API"
Previous message: Bernard: "Re: Security checking software"
In reply to: avildasfriend: "Critical Updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Critical Updates
... Vulnerability in Windows Shell could allow remoe code ... POSIX could allow code execution, ... Concurrent with these updates, Users were ... that made any changes to anonymous user or ADDED anonymous ...
(microsoft.public.windows.server.general)
Web Anonymous User
... Vulnerability in Windows Shell could allow remote code ... execution, KB840315-Vulnerability in html help could allow ... Concurrent with these updates, Users were ... that made any changes to web anonymous user or ADDED web ...
(microsoft.public.isa.configuration)
Critical Updates
... Vulnerability in Windows Shell could allow remote code ... execution, KB840315-Vulnerability in html help could allow ... Concurrent with these updates, Users were ... that made any changes to anonymous user or ADDED anonymous ...
(microsoft.public.inetserver.iis.security)
RE: You do not have permission to update Windows 2000 (or Windows XP)
... You do not have permission to update Windows 2000 ... I receive this error message whenever I try to install these updates: ... Vulnerability in DirectPlay could allow denial of service ... KB839645 A vulnerability in Windows Shell could allow remote code execution ...
(microsoft.public.windowsupdate)