Thomas Frerichs wrote: > > It also infects Personal Web Server on Win 2K professional. I know. Hmmm. Isn't "Personal Web Server" on a w2k machine really just IIS5? A Microsoft document indicates that if a machine running PWS is upgraded to w2k, IIS will be installed by default (with no patches of course): http://support.microsoft.com/support/kb/articles/Q266/4/56.ASP On a side note, PWS seems to be a lost cause anyway. The oft-exploited URL decoding defect isn't even slated to be patched and a Microsoft security spokeman said on one of the vulnerability listservs that PWS was only for "protected networks": http://www.jmu.edu/computing/info-security/engineering/issues/ms_pws.htm -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 10:51:34 PDT