Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  Дырка в IIS 5 (Internet Printing Protocol buffer overflow)

  How to remove .printer mapping (WAS RE: Permanently remove IIS printer mapping)

   Advisory CA-2001-10

  Windows 2000 .printer remote overflow proof of concept exploit

  Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)

From:MICROSOFT <secure_(at)_microsoft.com>
Date:04.05.2001
Subject:Updated Information: Internet Printing ISAPI Buffer Overrun

-----BEGIN PGP SIGNED MESSAGE-----

Hi All -

Russ forwarded several queries to us regarding Microsoft Security
Bulletin MS01-023
(http://www.microsoft.com/technet/security/bulletin/MS01-023.asp).
We've updated the bulletin, but I thought it might be helpful to pass
the answers back to the broader NTBugTraq audience.
*       Contrary to the original version of the bulletin, Windows 2000
Professional can be affected by this vulnerability.  The Internet
Printing ISAPI extension is installed by default on Windows 2000
Professional, and it is possible to install IIS 5.0 on a Professional
machine.  
*       If you use the Internet Services Manager to unmap the extension,
you should be aware that this setting can be overridden by group
policy.  Specifically, if Computer Configuration | Administrative
Templates | Printers | Web-based Printing is enabled, it will take
precedence over the settings in the ISM.  (By default, this setting
is not configured).  If you decide to unmap the extension rather than
apply the patch, please be sure to verify that group policy won't
reinstate the extension.

The updated bulletin has additional information, particularly on the
latter issue.  Sorry for any confusion we may have caused.  Regards,

Scott Culp
Security Program Manager
Microsoft Security Response Center

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBOvHWtI0ZSRQxA/UrAQGvWAgAl5E+Zay+OOcXN+31Snnx6GaSA1UR+6jh
xIgq+LxIZ4CUh6qjSEbCBQ99DR3H2vHzLAYCtJBNfSyFo0p/Bfr2FacXEuyTC1Uj
yiFKNEsEjBmwRHIjkn5yk8LIcvrnQWYDYs/RRDaGKR13ld4/eUAWosDvHoO3J921
tzaeEJzrOoIQlnD8peJe7PQwnxbTb9BDGBfTAJlGIoaUCzmCuKw24l9Cz8q0tSPX
6usoNZevMXUP0IUQZQTtNTDJ60GWta44nlfP+ps3CZl+R9cYi4+Ze32HbTow+vqq
qdqPMYEGIPtLrI0aiMnMh1EO8DSfnEA99DQeKGEqRXeBlqWTapJAZg==
=SNUw
-----END PGP SIGNATURE-----

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod