Re: Microsoft Security Bulletin MS03-007 - 815021
From: Dane (Dane352@hotmail.com)
Date: 03/18/03
From: "Dane" <Dane352@hotmail.com> Date: Tue, 18 Mar 2003 07:49:36 -0600
You might want to count the vulns against each, and how many allowed
complete control (root level access) of the server. Apache typically runs
with a limited set of permissions so if an attacker gets control of Apache
they haven't accomplished much, if it is a root level exploit then they own
the server. IIS typically runs with admin privileges so control of IIS is
usually worse.
"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
wrote in message news:3E767CFA.9C805E97@pacbell.net...
> And what about all those lovely vulns in the Apache server?
>
> ANY web server is a sitting duck these days no matter what flavor.
>
> Dane wrote:
>
> > "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> wrote in message
> > news:u1vpELL7CHA.2272@TK2MSFTNGP12.phx.gbl...
> > > Title: Unchecked buffer in Windows component could cause web server
> > > compromise
> > > Date: March 17, 2003
> > > Software: Microsoft Windows 2000 All Versions
> > > Impact: Run code of attacker's choice
> > > Maximum Severity Rating: CRITICAL
> > > Bulletin: MS03-007
> >
> > Probably the greatest advice ever given
> > http://www3.gartner.com/DisplayDocument?doc_cd=101034
> > "Gartner recommends that enterprises hit by both Code Red and Nimda
> > immediately investigate alternatives to IIS, including moving Web
> > applications to Web server software from other vendors, such as iPlanet and
> > Apache. Although these Web servers have required some security patches, they
> > have much better security records than IIS and are not under active attack
> > by the vast number of virus and worm writers. Gartner remains concerned that
> > viruses and worms will continue to attack IIS until Microsoft has released a
> > completely rewritten, thoroughly and publicly tested, new release of IIS.
> > Sufficient operational testing should follow to ensure that the initial wave
> > of security vulnerabilities every software product experiences has been
> > uncovered and fixed. This move should include any Microsoft .NET Web
> > services, which requires the use of IIS. Gartner believes that this
> > rewriting will not occur before year-end 2002 (0.8 probability).
> > Analytical Source: John Pescatore, Information Security Strategies"
>