Re: Microsoft Security Bulletin MS03-007 - 815021
From: Dane (Dane352@hotmail.com)
Date: 03/17/03
- Next message: notmeitis2@hotmail.com: "someone's using my e-mail address"
- Previous message: Karl Levinson [x y] mvp: "Re: someone's using my e-mail address"
- In reply to: Jerry Bryant [MSFT]: "Microsoft Security Bulletin MS03-007 - 815021"
- Next in thread: Keith W. McCammon: "Re: Microsoft Security Bulletin MS03-007 - 815021"
- Reply: Keith W. McCammon: "Re: Microsoft Security Bulletin MS03-007 - 815021"
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Microsoft Security Bulletin MS03-007 - 815021"
- Reply: Jeff Cochran: "Re: Microsoft Security Bulletin MS03-007 - 815021"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dane" <Dane352@hotmail.com> Date: Mon, 17 Mar 2003 15:04:24 -0600
"Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
news:u1vpELL7CHA.2272@TK2MSFTNGP12.phx.gbl...
> Title: Unchecked buffer in Windows component could cause web server
> compromise
> Date: March 17, 2003
> Software: Microsoft Windows 2000 All Versions
> Impact: Run code of attacker's choice
> Maximum Severity Rating: CRITICAL
> Bulletin: MS03-007
Probably the greatest advice ever given
http://www3.gartner.com/DisplayDocument?doc_cd=101034
"Gartner recommends that enterprises hit by both Code Red and Nimda
immediately investigate alternatives to IIS, including moving Web
applications to Web server software from other vendors, such as iPlanet and
Apache. Although these Web servers have required some security patches, they
have much better security records than IIS and are not under active attack
by the vast number of virus and worm writers. Gartner remains concerned that
viruses and worms will continue to attack IIS until Microsoft has released a
completely rewritten, thoroughly and publicly tested, new release of IIS.
Sufficient operational testing should follow to ensure that the initial wave
of security vulnerabilities every software product experiences has been
uncovered and fixed. This move should include any Microsoft .NET Web
services, which requires the use of IIS. Gartner believes that this
rewriting will not occur before year-end 2002 (0.8 probability).
Analytical Source: John Pescatore, Information Security Strategies"
- Next message: notmeitis2@hotmail.com: "someone's using my e-mail address"
- Previous message: Karl Levinson [x y] mvp: "Re: someone's using my e-mail address"
- In reply to: Jerry Bryant [MSFT]: "Microsoft Security Bulletin MS03-007 - 815021"
- Next in thread: Keith W. McCammon: "Re: Microsoft Security Bulletin MS03-007 - 815021"
- Reply: Keith W. McCammon: "Re: Microsoft Security Bulletin MS03-007 - 815021"
- Reply: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Microsoft Security Bulletin MS03-007 - 815021"
- Reply: Jeff Cochran: "Re: Microsoft Security Bulletin MS03-007 - 815021"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
