By default, Internet Information Services (IIS) is not installed on Windows XP or on Windows Server 2003. This patch is not needed if it is not installed.
---------------------------------------------------------------------- TITLE: Microsoft Windows Indexing Service Cross-Site Scripting SECUNIA ADVISORY ID: SA21861 VERIFY ADVISORY: http://secunia.com/advisories/21861/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows XP Professional http://secunia.com/product/22/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input is not properly sanitised by the Indexing service before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session. Successful exploitation requires that the Indexing service is accessible through IIS. SOLUTION: Apply patches. Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=778294ae-c5e3-4f17-b0e4-308e46e00105 Windows XP SP1/SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=2731c0bf-6034-4c16-bb57-66e70a31a3d6 Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=3f604b2a-1383-4a45-b25b-c468deefbfc1 Windows Server 2003 (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=0182e8e7-9755-46cc-a393-c1e95fd508b2 Windows Server 2003 for Itanium-based systems (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=e3e4a66c-ca9d-453b-8875-fb57528117ac Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=acf35f34-0d26-4b79-b81f-1111a784a66d ORIGINAL ADVISORY: MS06-053 (KB910729): http://www.microsoft.com/technet/security/Bulletin/MS06-053.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
