Re: Microsoft Security Bulletin MS03-007 - 815021

From: Gordon Price (gordon(remove)@thomashacker.com)
Date: 03/18/03


From: "Gordon Price" <gordon(remove)@thomashacker.com>
Date: Mon, 17 Mar 2003 16:24:04 -0800


"Dane" <Dane352@hotmail.com> wrote in message
news:OfRwuSN7CHA.2328@TK2MSFTNGP10.phx.gbl...
> CERT's warning about the flaw is sober. "Any attacker who can reach a
> vulnerable Web server can gain complete control of the system," it says.
> "Note that this may be significantly more serious than a simple 'Web
> defacement.' "

On the flip side, how much testing has MS done? Are we going to find out
that 10% of people who install the 'fix' are protected from the hack,
because their server crashed and wouldn't come back? This is a little worse
than a 'defacement' also. I am surprised that MS doesn't just fix IIS the
way they did Outlook, you know, if anyone actually tries to connect to IIS
you get an event that says "Potentially unsafe access blocked" and IIS just
sits there, doing nothing. If this is MS's idea of Secure Computing I think
someone must be smoking crack!

Gordon


