Patches and Service Packs

IIS 5.0 Patches

 

IIS is one of the biggest threats to Windows NT, 2000 and XP security!

You must know how to protect your computer from IIS-related attacks, and remember that even if you’re using Windows 2000 Professional, you’re still vulnerable to those attacks (IIS is installed by default on all W2K platforms, but not on XP and Windows Server 2003).

Note: Since IIS is such a potential threat to your system, and since my site is usually NOT security oriented, I cannot guarantee your computer’s safety even if you do follow my recommendations. I cannot be held responsible for anything that might happen to you, your computer, or the information stored on it. I might compile a list of IIS security issues later this month, but till then you can read the TechNet Security Webpage and search for the IIS-related issues, and also the Microsoft Security page.

IIS 5.0 Required Patches

IIS 5.0 is the version installed by default on W2K computers. If you have SP4 for W2K (and you should), these are the patches that you need to apply to your computer:

October 2004

MS04-030 : Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)

May 2003

MS03-018 : Cumulative Patch for Internet Information Service (811114)

This patch is a cumulative patch that includes the functionality of all security patches released for IIS 5.0 since Windows 2000 Service Pack 3:

  • 327696 MS02-062: October 2002 Cumulative Patch for Internet Information Services
  • 321599 MS02-028: Heap Overrun in HTR Chunked Encoding Might Enable Web Server Compromise
  • 319733 MS02-018: April 2002 Cumulative Patch for Internet Information Services

Read THIS article on the list of fixes applied to IIS 5.0 after installing SP3 on Windows 2000.

Other IIS Patching Tools

You should also look at the IIS Lockdown Tool and URLScan, which are valuable tools for protection against “anti-IIS” activity:

  • URLScan Security Tool (v2.5): URLScan is a powerful security tool that works in conjunction with the IIS Lockdown Tool to give IIS Web site administrators the ability to turn off unneeded features and restrict the kind of HTTP requests that the server will process. By blocking specific HTTP requests, the URLScan security tool prevents potentially harmful requests from reaching the server and causing damage.
  • IIS Lockdown Tool (v2.1): The IIS Lockdown Wizard works by turning off unnecessary features, thereby reducing the attack surface available to attackers. To provide defense in depth, or multiple layers of protection against attackers, URLScan, with customized templates for each supported server role, has been integrated into the IIS Lockdown Wizard.
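
As an illustration of how URLScan restricts requests, here is a sketch of a `UrlScan.ini` for a server that only serves ordinary web pages. It is an added example, not taken from this page or from the templates Microsoft ships with the IIS Lockdown Tool, and the verb list, extension list and limits are assumptions to adjust per server role. It narrows what reaches the WebDAV and .htr handlers named in the bulletins above and complements the patches rather than replacing them.

```ini
; UrlScan.ini (URLScan 2.5) - illustrative settings, not a shipped template

[options]
UseAllowVerbs=1            ; 1 = only verbs listed in [AllowVerbs] are accepted
UseAllowExtensions=0       ; 0 = extensions listed in [DenyExtensions] are rejected
NormalizeUrlBeforeScan=1   ; canonicalize the URL before the rules are applied
VerifyNormalization=1      ; reject URLs that change when normalized a second time
AllowHighBitCharacters=0   ; reject non-ASCII characters in the URL
AllowDotInPath=0           ; reject paths that contain more than one dot
RemoveServerHeader=1       ; strip the Server: header from responses
EnableLogging=1            ; record rejected requests in the URLScan log

[AllowVerbs]
; WebDAV verbs such as PROPFIND, LOCK and SEARCH are not listed,
; so URLScan rejects them before they reach the WebDAV handler
GET
HEAD
POST

[DenyExtensions]
; script mappings this server does not need (assumption: no .htr,
; Index Server or Internet printing use on this host)
.htr
.ida
.idq
.printer

[DenyHeaders]
; headers used by WebDAV clients
Translate:
If:
Lock-Token:

[RequestLimits]
; example ceilings in bytes; size them for the applications hosted
MaxAllowedContentLength=30000000
MaxUrl=260
MaxQueryString=4096
```

If a hosted application needs WebDAV or one of the denied extensions, the corresponding entries have to be relaxed. The URLScan log is the place to check which legitimate requests a new rule set turns away.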
