prana
03-18-2003, 10:19 PM
If you havent already, if you are using IIS5 in windows 2000, a remotely exploitable vulnerability was released yesterday morning. It was discovered off defaced government websites hence the sploits have been circulating in the underground.
To add to that, the MS patches do not properly cover the unchecked buffers, making this issue extremely difficult.
As a quick fix, if you have to run IIS5, reduce your "default" settings to only what you need, and install an application firewall...
Keep trying MS website for a working patch .....
:D
To add to that, the MS patches do not properly cover the unchecked buffers, making this issue extremely difficult.
As a quick fix, if you have to run IIS5, reduce your "default" settings to only what you need, and install an application firewall...
Keep trying MS website for a working patch .....
:D