I applied the patch this morning. Everything on my iMail server seems to still be working fine (including webmail).
Wolf

Keith Johnson wrote:
> Has anyone patched their Imail Server (Win2K) with the below patch.
> It was released today and seems to be a nasty one. Thanks for the
> info.
>
> Keith
>
> - -----------------------------------------------------------------
> Title: Unchecked buffer in Windows component could cause web
> server compromise (815021)
> Date: 17 March, 2003
> Software: Microsoft Windows 2000
> Impact: Run Code of Attacker's Choice
> Max Risk: Critical
> Bulletin: MS03-007
>
> Microsoft encourages customers to review the Security Bulletins
> at:
> http://www.microsoft.com/technet/security/bulletin/MS03-007.asp
> http://www.microsoft.com/security/security_bulletins/ms03-007.asp
> - -----------------------------------------------------------------
>
> Issue:
> ======
> Microsoft Windows 2000 supports the World Wide Web Distributed
> Authoring and Versioning (WebDAV) protocol. WebDAV, defined in
> RFC 2518, is a set of extensions to the Hyper Text Transfer
> Protocol (HTTP) that provide a standard for editing and file
> management between computers on the Internet. A security
> vulnerability is present in a Windows component used by WebDAV,
> and results because the component contains an unchecked buffer.
>
> An attacker could exploit the vulnerability by sending a
> specially formed HTTP request to a machine running Internet
> Information Server (IIS). The request could cause the server to
> fail or to execute code of the attacker's choice. The code would
> run in the security context of the IIS service (which, by
> default, runs in the LocalSystem context).
>
> Although Microsoft has supplied a patch for this vulnerability
> and recommends customers install the patch immediately,
> additional tools and preventive measures have been provided that
> customers can use to block the exploitation of this vulnerability
> while they are assessing the impact and compatibility of the
> patch. These temporary workarounds and tools are discussed in the
> "Workarounds" section in the FAQ below.
>
> Mitigating Factors:
> ====================
> - URLScan, which is a part of the IIS Lockdown Tool will block
> this attack in its default configurations
> - The vulnerability can only be exploited remotely if an
> attacker can establish a web session with an affected server
>
> Risk Rating:
> ============
> - Critical
>
> Patch Availability:
> ===================
> - A patch is available to fix this vulnerability. Please read
> the Security Bulletins at
>
> http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
> http://www.microsoft.com/security/security_bulletins/ms03-007.asp
>
> for information on obtaining this patch.
>
> _______________________
>
> Keith Johnson, MCP
> Network Engineer
> Network Advocates, Inc.
> Tel: 502.412.1050
> Fax: 502.412.1058
> Email: [EMAIL PROTECTED]
>
> "Good pings come in small packets"
>

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
