RE: CR II - winME? confirmation? (Slightly OT)

From: Matthew Leeds (mleedsat_private)
Date: Thu Aug 09 2001 - 13:13:20 PDT

  • Next message: xSquid: "Re : IE Save as feature & Security zones - curious question"

    Note from the same bulletin:
    
    'The vulnerability can only be exploited if a web session can be established with an affected server. Customers who have installed Index Server or Index Services but not IIS would not be at risk. This is the default case for Windows 2000 Professional.'
    
    and
    
    'So, if IIS is not running on my machine, I’m not affected by the vulnerability?
    
    'That’s correct. Even if you’ve installed Index Server or Indexing Service, the vulnerability could only be exploited if IIS were running.'
    
    It helps to read the entire bulletin.
    
    ---Matthew
    
    *********** REPLY SEPARATOR  ***********
    
    On 8/8/2001 at 1:32 PM Inman, Carey wrote:
    
    >Hi,
    >
    >I would like to offer a quote from MS01-033:
    >
    >"the service would not need to be running in order for an attacker to
    >exploit the vulnerability."
    >
    >http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    >bulletin/MS01-033.asp
    >
    >Carey 
    
     
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:34:00 PDT