If you trust Microsoft enough, setting Windows to update automatically can ease a lot of headaches.
-- jon mailto:[EMAIL PROTECTED] Thursday, May 29, 2003, 11:24:22 AM, you wrote: KG> That was fast Doug! I saw your patched message and I still haven't seen KG> Mike's original post. KG> -Kevin >> -----Original Message----- >> From: Doug White [mailto:[EMAIL PROTECTED] >> Sent: Thursday, May 29, 2003 10:16 AM >> To: CF-Community >> Subject: Re: Internet Information Services 5.0 Denial of service >> >> >> already patched >> >> ====================================== >> Stop spam on your domain, use our gateway! >> For CF hosting solutions http://www.clickdoug.com >> ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 >> ====================================== >> If you are not satisfied with my service, my job isn't done! >> >> ----- Original Message ----- >> From: "Haggerty, Mike" <[EMAIL PROTECTED]> >> To: "CF-Community" <[EMAIL PROTECTED]> >> Sent: Thursday, May 29, 2003 9:08 AM >> Subject: FW: Internet Information Services 5.0 Denial of service >> >> >> | Anybody on IIS 5.x? >> | >> | M >> | >> | -----Original Message----- >> | From: SPI Labs [mailto:[EMAIL PROTECTED] >> | Sent: Wednesday, May 28, 2003 3:04 PM >> | To: [EMAIL PROTECTED] >> | Subject: Internet Information Services 5.0 Denial of service >> | >> | >> | Internet Information Services 5.0 Denial of service >> | >> | [Release Date] May 29th, 2003 >> | Severity: High >> | >> | [Systems Affected] >> | * Microsoft Information Server 5.0 >> | * Microsoft Information Server 5.1 >> | >> | [Description] >> | >> | If an attacker sends a Webdav request with a body over 49,153 bytes >> | using the 'PROPFIND' or 'SEARCH' request methods, IIS will >> be forced >> | to restart itself. All web server, email, and active ftp >> connections >> | will be terminated, along with a disruption of future >> sessions during >> | the time it takes IIS to restart. The complete advisory is also >> | available from our website at: >> | http://www.spidynamics.com/iis_alert.html >> | >> | [Remediation] >> | Please install the vendor-supplied patch located at >> | http://www.microsoft.com/technet/security/bulletin/MS03-018.asp >> | >> | [Contact Information] >> | >> | SPI Labs >> | SPI Dynamics R&D Team >> | [EMAIL PROTECTED] >> | 115 Perimeter Center Place >> | Suite 270 >> | Atlanta, GA 30346 >> | Phone: (678)781-4800 >> | Toll-Free Phone: (866)774-2700 >> | >> | >> | SPI Dynamics was founded in 2000 by a team of accomplished Web >> | security specialists; SPI Dynamics is the leader in Web application >> | security technology. With such signature products as >> WebInspect, SPI >> | Dynamics is dedicated to protecting companies' most >> valuable assets. >> | SPI Dynamics has created a new breed of Internet security >> products for >> | the Web application, the most vulnerable yet least secure >> component of >> | online business infrastructure. >> | >> | Copyright (c) 2003 SPI Dynamics, Inc. All rights reserved worldwide. >> | >> KG> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=5 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=5 Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
