Re: [IMail Forum] Q815021 - Critical Microsoft Patch

[Jeff Reinhardt]

Title: Q815021 - Critical Microsoft Patch

We did not apply the patch released yesterday to our IMail machine because the security issue specifically targets IIS, and since we run IMail on it's own box without IIS, this vulnerability should not exist.   Jeff Reinhardt XFire Software & XFire Web ________________________ http://www.xfireweb.com [EMAIL PROTECTED]     ----- Original Message ----- From: Keith Johnson To: [EMAIL PROTECTED] Sent: Tuesday, March 18, 2003 1:05 PM Subject: [IMail Forum] Q815021 - Critical Microsoft Patch Has anyone patched their Imail Server (Win2K) with the below patch.  It was release today and seems to be a nasty one.  Thanks for the info. Keith - ----------------------------------------------------------------- Title:      Unchecked buffer in Windows component could cause web             server compromise (815021) Date:       17 March, 2003 Software:   Microsoft Windows 2000 Impact:     Run Code of Attacker's Choice Max Risk:   Critical Bulletin:   MS03-007 Microsoft encourages customers to review the Security Bulletins at: http://www.microsoft.com/technet/security/bulletin/MS03-007.asp http://www.microsoft.com/security/security_bulletins/ms03-007.asp - ----------------------------------------------------------------- Issue: ====== Microsoft Windows 2000 supports the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol. WebDAV, defined in RFC 2518, is a set of extensions to the Hyper Text Transfer Protocol (HTTP) that provide a standard for editing and file management between computers on the Internet. A security vulnerability is present in a Windows component used by WebDAV, and results because the component contains an unchecked buffer. An attacker could exploit the vulnerability by sending a specially formed HTTP request to a machine running Internet Information Server (IIS). The request could cause the server to fail or to execute code of the attacker's choice. The code would run in the security context of the IIS service (which, by default, runs in the LocalSystem context). Although Microsoft has supplied a patch for this vulnerability and recommends customers install the patch immediately, additional tools and preventive measures have been provided that customers can use to block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds and tools are discussed in the "Workarounds" section in the FAQ below. Mitigating Factors: ====================  - URLScan, which is a part of the IIS Lockdown Tool will block this attack in its default configurations  - The vulnerability can only be exploited remotely if an attacker can establish a web session with an affected server Risk Rating: ============  - Critical Patch Availability: ===================  - A patch is available to fix this vulnerability. Please read the Security Bulletins at http://www.microsoft.com/technet/security/bulletin/ms03-007.asp http://www.microsoft.com/security/security_bulletins/ms03-007.asp    for information on obtaining this patch. _______________________ Keith Johnson, MCP Network Engineer Network Advocates, Inc. Tel:       502.412.1050 Fax:      502.412.1058 Email:  [EMAIL PROTECTED] "Good pings come in small packets"