Search the Petri IT Knowledgebase
search icon

close

Windows

Cloud

Microsoft 365

PowerShell

Active Directory

Security

Windows Server

Video

If you are a large enterprise, don't miss our IT cost-cutting webinar!

Register today!
Icon for Live Conference on December 8!

Live Conference on December 8!

GET-IT Microsoft Teams Conference

Icon for On-Demand Webinar

On-Demand Webinar

MVP Panel Talk: Do You Need to Backup Microsoft 36...

Icon for Live Webinar Coming Dec. 14th!

Live Webinar Coming Dec. 14th!

Recession Proof Your IT: How to Reduce IT Costs Wi...

Icon for New E-Book

New E-Book

Tracking Tasks in Microsoft 365

Home

Patches and Service Packs

IIS 5.1 Patches

Daniel Petri

 |

Jan 8, 2009

 

IIS is one of the biggest threats to Windows NT, 2000 and XP security!

You must know how to protect your computer from IIS related attacks, and remember that even though you’re using Windows 2000 Professional – you’re still vulnerable to those attacks (IIS is installed by default on all W2K platforms, but not on XP and Windows Server 2003).

Note: Since IIS is such a potential threat to your system, and since my site is usually NOT security oriented, I cannot guarantee your computer’s safety even if you do follow my recommendations. I cannot be held responsible for anything that might happen to you, your computer, or the information stored on it.  I might compile a list of IIS security issues later this month. but till then you can read the TechNet Security Webpage and search for the IIS related issued, and also the Microsoft Security page

IIS 5.1 Required Patches

IIS 5.1 is the version available on Windows XP computers. Although it is not installed by default on XP Pro computers, it’s still a big security concern.
If you have SP1 for XP (and you should), these are the patches that you need to apply to your computer:

October 2004

MS04-030 : Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (824151)

May 2003

MS03-018 : Cumulative Patch for Internet Information Service (811114)
This patch is a cumulative patch that includes the functionality of all security patches released for IIS 5.1 since Windows XP Service Pack 1:

  • 327696 MS02-062: October 2002 Cumulative Patch for Internet Information Services
  • 321599 MS02-028: Heap Overrun in HTR Chunked Encoding Might Enable Web Server Compromise
  • 319733 MS02-018: April 2002 Cumulative Patch for Internet Information Services

Other IIS Patching Tools

You should also look at the IIS Lockdown Tool and URLScan which are valuable tools for “anti-IIS” activity protection:

  • URLScan Security Tool (v2.5) URLscan is a powerful security tool that works in conjunction with the IIS Lockdown Tool to give IIS Web site administrators the ability to turn off unneeded features and restrict the kind of HTTP requests that the server will process. By blocking specific HTTP requests, the URLScan security tool prevents potentially harmful requests from reaching the server and causing damage.
  • IIS Lockdown Tool (v2.1) IIS Lockdown Wizard works by turning off unnecessary features thereby reducing attack surface available to attackers. To provide defense in depth, or multiple layers of protection against attackers, URLscan, with customized templates for each supported server role, has been integrated into the IIS Lockdown Wizard.

More from Daniel Petri

Microsoft's Blunder: Upgrade to Office 2016 and Lose Skype for Business

Windows 10 Ignoring the Hosts File for Specific Name Resolution

Resolving "Namespace is already defined' Group Policy Error in Windows 10

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Patches and Service Packs

Shane's SharePoint Watercooler News

Dec 15, 2016 | Shane Young

Microsoft Windows 10 Anniversary Edition -- Better for Professionals

Jul 25, 2016 | Richi Jennings

ISA Server 2000 SP2 Patches

Jan 8, 2009 | Daniel Petri

ISA Server 2004 Patches

Jan 8, 2009 | Daniel Petri

Download ISA Server SP2

Jan 8, 2009 | Daniel Petri

ISA Server SP1 Patches

Jan 8, 2009 | Daniel Petri

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy