service packs

Printable View

April 22nd, 2003, 10:02 PM
Ru$kb0y

service packs

Iv gotta cd with service pack 3, which covers service pack 1&2 for microsoft windows 2000 pro. just wondering does this also cover all the hot fixes and security patches for IIS 5 up until the release of service pack 3. or will i still need to download all the hot fixes.

thanks Rboy.
April 22nd, 2003, 10:04 PM
pr0letariat

always, i repeat always download the latest patches/hotfixes...
esp. with IIS :(

Even though you might patche something twice, it's better to be safe then sorry!
April 22nd, 2003, 10:06 PM
Lv4

the service packs are "supposed" to have all the hot fixes and patches up to the release of the SP itself... but I have found several missing in previous ones. It doesn't take all that long to download the hot fixes and patches anyway... plus there are probably several critical ones that came out after the SP anyway.

Go surf the knowlegebase on MS, and check out the IIS pages there to find the latest greatest stuff.
April 22nd, 2003, 10:08 PM
XDrack

It supoust that the SP shuld get it, but bether be shure and analyse youre IIS.

xDRack
April 22nd, 2003, 10:15 PM
MrLinus

You should check the hotfixes and see if they will need to be applied. It used to -- and I'm not sure if it still happens -- but if you applied a SP after a hotfix or vice versa it might break the "fix" and make the vulnerability accessible. Microsoft's website should have information on what order SPs, hotfixes, etc. need to be applied.

Even after setting all the SPs, hotfixes, etc. a vulnerability check of the server using a tool like SAINT, SARA, Retina and/or NMAP should be done to double-check for vulnerabilities or other problems. And remember to document everything so you can rebuild it in case of worse case scenario problems.

Good luck.
April 22nd, 2003, 10:15 PM
Ru$kb0y

done this search on the site for service patches for IIS 5 got these results

http://www.microsoft.com/technet/tre...t1=go&isie=yes

although there is no mention on WebDAV vulnerability??? i thought that came out recently...

Rboy
+ thanks for help...
April 22nd, 2003, 10:18 PM
MrLinus

ru$kboy,

Would these help?

http://www.iisanswers.com/articles/Webdav.htm

http://www.entercept.com/news/uspr/03-17-03.asp
April 22nd, 2003, 10:32 PM
Ru$kb0y

thanks guys will disable WebDAV manually, from regedit, although need to put service pack 3 on first...

micro$oft say...

Start Registry Editor (Regedt32.exe).
Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters

On the Edit menu, click Add Value, and then add the following registry value:
Value name: DisableWebDAV
Data type: DWORD
Value data: 1

Restart IIS. This change does not take effect until the IIS service or the server is restarted.

...neway lol

Rboy