ms04-007 IIS on 80 and 442 behind firewall

TheMSsForum.com: The Microsoft Software Forum

Hi,

I'm curious if an iis install running on w2k server is behind an firewall
which only opens port 80 and ssl 443 to the world. Is this new Security
vulneraability affecting this install to? I couldnt get this from the
description on the microsoft site, tey really keep it general, see below.

So main question: are webservers behind firewalls affected to? If only
running port 80? If running port 443 SSL?

Second, why is microsoft not a little more specific in whats vulnerable?
Like iis on sll, ntlm auth or whatever, make a big list please, so i can
see which production machines will need to be updated fast, and which can
wait a few days.

thanx,
hjm

---from
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security
/bulletin/MS04-007.asp>
How could an attacker exploit this vulnerability?
Because ASN.1 is a standard for many applications and devices, there are
many potential attack vectors. To successfully exploit this vulnerability,
an attacker must force a computer to decode malformed ASN.1 data. For
example, when using authentication protocols based on ASN.1 it could be
possible to construct a malformed authentication request that could expose
this vulnerability.
Top

Re: ms04-007 IIS on 80 and 442 behind firewall by caviar

caviar
Wed Feb 11 04:18:47 CST 2004


"caviar" <caviar-at-xsfourall.nl> wrote in message
news:e3J9%23xH8DHA.2064@TK2MSFTNGP11.phx.gbl...
>
> Hi,
>
> I'm curious if an iis install running on w2k server is behind an firewall
> which only opens port 80 and ssl 443 to the world. Is this new Security
> vulneraability affecting this install to? I couldnt get this from the
> description on the microsoft site, tey really keep it general, see below.
>
> So main question: are webservers behind firewalls affected to? If only
> running port 80? If running port 443 SSL?
>
> Second, why is microsoft not a little more specific in whats vulnerable?
> Like iis on sll, ntlm auth or whatever, make a big list please, so i can
> see which production machines will need to be updated fast, and which can
> wait a few days.


I just saw this description from eeye:

http://www.eeye.com/html/Research/Advisories/AD20040210.html

Its much better then the microsoft version..



Top

ms04-007 IIS on 80 and 442 behind firewall by Paul

Paul
Wed Feb 11 06:20:26 CST 2004

Similar issue. What's the recommendation for a private
network bordered by a Firewall, where the only incoming
traffic from the net is pop email and answers to requests
for pages by internal web browsers from Internet websites.

Better advice is needed from MS

Paul F
>-----Original Message-----
>
>Hi,
>
>I'm curious if an iis install running on w2k server is
behind an firewall
>which only opens port 80 and ssl 443 to the world. Is
this new Security
>vulneraability affecting this install to? I couldnt get
this from the
>description on the microsoft site, tey really keep it
general, see below.
>
>So main question: are webservers behind firewalls
affected to? If only
>running port 80? If running port 443 SSL?
>
>Second, why is microsoft not a little more specific in
whats vulnerable?
>Like iis on sll, ntlm auth or whatever, make a big list
please, so i can
>see which production machines will need to be updated
fast, and which can
>wait a few days.
>
>thanx,
>hjm
>
>---from
><http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security
>/bulletin/MS04-007.asp>
>How could an attacker exploit this vulnerability?
>Because ASN.1 is a standard for many applications and
devices, there are
>many potential attack vectors. To successfully exploit
this vulnerability,
>an attacker must force a computer to decode malformed
ASN.1 data. For
>example, when using authentication protocols based on
ASN.1 it could be
>possible to construct a malformed authentication request
that could expose
>this vulnerability.
>
>
>.
>
Top

Re: ms04-007 IIS on 80 and 442 behind firewall by Torgeir

Torgeir
Wed Feb 11 07:43:43 CST 2004

Paul F wrote:

> Similar issue. What's the recommendation for a private
> network bordered by a Firewall, where the only incoming
> traffic from the net is pop email and answers to requests
> for pages by internal web browsers from Internet websites.
>
> Better advice is needed from MS

Hi

Install it.

The only computer that doesn't need this update is a computer that
is not connected to a network...


--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter


Top