RE: CR II - winME? confirmation? (Slightly OT)

• Previous message: Enrique A. Compañ Gzz.: "Re: Winnt/Win2k Vuln ?"
• In reply to: Inman, Carey: "RE: CR II - winME? confirmation? (Slightly OT)"
• Next in thread: Thorat_private: "Re: CR II - winME? confirmation? (Slightly OT)"
• Next in thread: William T. Barrett: "RE: CR II - winME? confirmation? (Slightly OT)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Note from the same bulletin:

'The vulnerability can only be exploited if a web session can be established with an affected server. Customers who have installed Index Server or Index Services but not IIS would not be at risk. This is the default case for Windows 2000 Professional.'

and

'So, if IIS is not running on my machine, I’m not affected by the vulnerability?

'That’s correct. Even if you’ve installed Index Server or Indexing Service, the vulnerability could only be exploited if IIS were running.'

It helps to read the entire bulletin.

---Matthew

*********** REPLY SEPARATOR  ***********

On 8/8/2001 at 1:32 PM Inman, Carey wrote:

>Hi,
>
>I would like to offer a quote from MS01-033:
>
>"the service would not need to be running in order for an attacker to
>exploit the vulnerability."
>
>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
>bulletin/MS01-033.asp
>
>Carey 

 

• Next message: xSquid: "Re : IE Save as feature & Security zones - curious question"
• Previous message: Enrique A. Compañ Gzz.: "Re: Winnt/Win2k Vuln ?"
• In reply to: Inman, Carey: "RE: CR II - winME? confirmation? (Slightly OT)"
• Next in thread: Thorat_private: "Re: CR II - winME? confirmation? (Slightly OT)"
• Next in thread: William T. Barrett: "RE: CR II - winME? confirmation? (Slightly OT)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:34:00 PDT