Re: WIN2000 and IIS

From: Marc Fossi (mfossiat_private)
Date: Mon Aug 27 2001 - 15:21:18 PDT

Next message: sco-securityat_private: "Security Update: [CSSA-2001-SCO.14] Open Unix, UnixWare: uidadmin buffer overflow"

Previous message: sco-securityat_private: "Security Update: [CSSA-2001-SCO.13] OpenServer: BIND buffer overflows"
In reply to: Margaret CTR Rhodes: "WIN2000 and IIS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I tested this here in the lab.

Fresh install of Windows 2000 Advanced Server onto a 5gig clean NTFS
partition.  I accepted all the default settings.  During installation,
when I was asked to select installation components, I unchecked IIS and
continued with installation.

After installation was complete, I checked Services and found no IIS
services to be installed or running.

To test a suggestion someone else had made to Focus-MS, I went into
Add/Remove Programs and selected Add/Remove Windows components.  From
there, I went into the Networking Components list and checked COM Internet
Services Proxy.  When I clicked Ok and was back at the top-level component
selection screen, IIS had automatically been checked off.  If I attempted
to uncheck IIS, a message dialog popped up stating that another component
I was trying to install was dependant on IIS and listed COM Internet
Services Proxy as the component.

I don't believe that this is a bug or a vulnerability, just something to
pay attention to when installing any software or components.

Marc Fossi, MCSE
SecurityFocus
www.securityfocus.com

On Mon, 27 Aug 2001, Margaret CTR Rhodes wrote:

> This may be a subject answered in the past, but I haven't seen anything on it
> lately.
>
> Yesterday, our systems administrator, Mike Miller of RS Information Systems,
> loaded Win2000 on a server and deselected IIS.  Despite this, IIS loaded anyway
> with no notification that the deselection had been ignored.  He tried this a
> couple of times and our Incident Response team is testing it now.  The only way
> he knew that it loaded was that he went in and checked the list of services--and
> there it was!
> Is there any information out there about this on any version of W2K?
>
> There were several people out there that may not have put the patch on because
> they deselected IIS--and then were hit with Code Red.
>
> Here is the configuration of the machine.
>
> It's a Gateway E-5200
> Processor - Pentium III 600 MHZ
> Memory - 256 MB
> Adaptec 29160 Controller
> Hard Drive - IBM DMVS 18.2 GB
> Nic - 3C905c
> Win2000 Basic
>
> Maggie Rhodes
> ISS Analyst
> RS Information Systems
>
>
>

Next message: sco-securityat_private: "Security Update: [CSSA-2001-SCO.14] Open Unix, UnixWare: uidadmin buffer overflow"
Previous message: sco-securityat_private: "Security Update: [CSSA-2001-SCO.13] OpenServer: BIND buffer overflows"
In reply to: Margaret CTR Rhodes: "WIN2000 and IIS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 27 2001 - 15:31:39 PDT