Re: Microsoft Security Bulletin MS03-007 - 815021
From: Jerry Bryant [MSFT] (jbryant@online.microsoft.com)
Date: 03/18/03
From: "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com> Date: Tue, 18 Mar 2003 08:41:53 -0800
It is important to note that this is not an IIS or even a WebDAV
vulnerability. The issue lies in NTDLL.DLL. IIS/WebDAV is the known exploit
(attack vector). This patch should be applied to all Windows 2000 systems.
Keith, can you please contact me offline? Simply remove "online". Thanks!
--
Regards,
Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities
Get Secure! www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

"Keith W. McCammon" <km@km.com> wrote in message news:O1hcShW7CHA.1816@TK2MSFTNGP10.phx.gbl...
> > Or maybe get rid of the mcse paper tiger they hired and get someone with a
> > clue. Apache on windows would be better than IIS on windows. Apache on the
> > others would be even better. Better yet, Zeus, Stronghold, or AOLServer.
>
> OK. This is the oldest, most mundane argument ever. We all know that lots
> of lazy sysadmins don't patch their systems. It goes for UNIX as well as
> Windows (remember sadmind?). But I think that any educated and experienced
> admin can tell you that IIS on Windows can be secured in a manner comparable
> to other servers on UNIX or Windows. Hell, I had about 40 intentionally
> unpatched systems (client request) at the time of sadmind, CodeRed, and
> Nimda, none of which were compromised, because the systems were properly
> maintained and configured.
>
> In short, if your system is waxed by a zero-day exploit, then you blame the
> vendor. If it gets hit 6+ months later (as was the case with CodeRed,
> Nimda, and sadmind--UNIX and Windows) then you blame the admin. Plain and
> simple.
>
> Can we stop now?