April 22nd, 2003, 10:02 PM
Iv gotta cd with service pack 3, which covers service pack 1&2 for microsoft windows 2000 pro. just wondering does this also cover all the hot fixes and security patches for IIS 5 up until the release of service pack 3. or will i still need to download all the hot fixes.
April 22nd, 2003, 10:04 PM
always, i repeat always download the latest patches/hotfixes...
esp. with IIS
Even though you might patche something twice, it's better to be safe then sorry!
When you connect to your ISP, you are potentially opening your computer to the world. There are \'naughty people\' out there who enjoy breaking into other people\'s computers. Give some thought to the security of your computer...
April 22nd, 2003, 10:06 PM
the service packs are "supposed" to have all the hot fixes and patches up to the release of the SP itself... but I have found several missing in previous ones. It doesn't take all that long to download the hot fixes and patches anyway... plus there are probably several critical ones that came out after the SP anyway.
Go surf the knowlegebase on MS, and check out the IIS pages there to find the latest greatest stuff.
Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
April 22nd, 2003, 10:08 PM
It supoust that the SP shuld get it, but bether be shure and analyse youre IIS.
April 22nd, 2003, 10:15 PM
You should check the hotfixes and see if they will need to be applied. It used to -- and I'm not sure if it still happens -- but if you applied a SP after a hotfix or vice versa it might break the "fix" and make the vulnerability accessible. Microsoft's website should have information on what order SPs, hotfixes, etc. need to be applied.
Even after setting all the SPs, hotfixes, etc. a vulnerability check of the server using a tool like SAINT, SARA, Retina and/or NMAP should be done to double-check for vulnerabilities or other problems. And remember to document everything so you can rebuild it in case of worse case scenario problems.
April 22nd, 2003, 10:15 PM
done this search on the site for service patches for IIS 5 got these results
although there is no mention on WebDAV vulnerability??? i thought that came out recently...
+ thanks for help...
April 22nd, 2003, 10:18 PM
April 22nd, 2003, 10:32 PM
thanks guys will disable WebDAV manually, from regedit, although need to put service pack 3 on first...
Start Registry Editor (Regedt32.exe).
Locate and click the following key in the registry:
On the Edit menu, click Add Value, and then add the following registry value:
Value name: DisableWebDAV
Data type: DWORD
Value data: 1
Restart IIS. This change does not take effect until the IIS service or the server is restarted.