Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:1580
HistoryMay 04, 2001 - 12:00 a.m.

Updated Information: Internet Printing ISAPI Buffer Overrun

2001-05-0400:00:00
vulners.com
20

-----BEGIN PGP SIGNED MESSAGE-----

Hi All -

Russ forwarded several queries to us regarding Microsoft Security
Bulletin MS01-023
(http://www.microsoft.com/technet/security/bulletin/MS01-023.asp).
We've updated the bulletin, but I thought it might be helpful to pass
the answers back to the broader NTBugTraq audience.

  •   Contrary to the original version of the bulletin, Windows 2000
    

Professional can be affected by this vulnerability. The Internet
Printing ISAPI extension is installed by default on Windows 2000
Professional, and it is possible to install IIS 5.0 on a Professional
machine.

  •   If you use the Internet Services Manager to unmap the extension,
    

you should be aware that this setting can be overridden by group
policy. Specifically, if Computer Configuration | Administrative
Templates | Printers | Web-based Printing is enabled, it will take
precedence over the settings in the ISM. (By default, this setting
is not configured). If you decide to unmap the extension rather than
apply the patch, please be sure to verify that group policy won't
reinstate the extension.

The updated bulletin has additional information, particularly on the
latter issue. Sorry for any confusion we may have caused. Regards,

Scott Culp
Security Program Manager
Microsoft Security Response Center

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBOvHWtI0ZSRQxA/UrAQGvWAgAl5E+Zay+OOcXN+31Snnx6GaSA1UR+6jh
xIgq+LxIZ4CUh6qjSEbCBQ99DR3H2vHzLAYCtJBNfSyFo0p/Bfr2FacXEuyTC1Uj
yiFKNEsEjBmwRHIjkn5yk8LIcvrnQWYDYs/RRDaGKR13ld4/eUAWosDvHoO3J921
tzaeEJzrOoIQlnD8peJe7PQwnxbTb9BDGBfTAJlGIoaUCzmCuKw24l9Cz8q0tSPX
6usoNZevMXUP0IUQZQTtNTDJ60GWta44nlfP+ps3CZl+R9cYi4+Ze32HbTow+vqq
qdqPMYEGIPtLrI0aiMnMh1EO8DSfnEA99DQeKGEqRXeBlqWTapJAZg==
=SNUw
-----END PGP SIGNATURE-----