Internet Storm Center
Training
Certification
Cyber Security Graduate School
Security Awareness Training
Computer Forensics
Penetration Testing
IT Audit
Software Security
Microsoft Security Bulletin MS06-053
Published: 2006-09-12,
Last Updated: 2006-09-12 19:29:06 UTC
by Michael Haisley (Version: 1)
Last Updated: 2006-09-12 19:29:06 UTC
by Michael Haisley (Version: 1)
There is an information disclosure vulnerability in the Indexing Service because of the way that it handles query validation. The vulnerability could allow an attacker to run client-side script on behalf of a user. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site.
Mitigating Factors:
By default, Internet Information Services (IIS) is not installed on Windows XP or on Windows Server 2003.
On Windows Server 2003, the Indexing Service is not enabled by default.
On Windows Server 2003, even when the Indexing Service is installed, by default it is not accessible from IIS. Manual steps are required to enable IIS to become a Web-based interface for the Indexing Service. By default the Indexing Service is used only to perform local and remote file system queries.
Recommendations: Evaluate urgency based on your installation, and apply the patch.
Mitigating Factors:
By default, Internet Information Services (IIS) is not installed on Windows XP or on Windows Server 2003.
On Windows Server 2003, the Indexing Service is not enabled by default.
On Windows Server 2003, even when the Indexing Service is installed, by default it is not accessible from IIS. Manual steps are required to enable IIS to become a Web-based interface for the Indexing Service. By default the Indexing Service is used only to perform local and remote file system queries.
Recommendations: Evaluate urgency based on your installation, and apply the patch.
Keywords:
0 comment(s)Comments
New Comments closed for all Diaries older than two(2) weeks
Please send your comments to our Contact Form
Diary Archives
