|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Message-ID: <51F912F2A6CDD111810A00600811BA4201C208A1@TEA05> Date: Thu, 3 May 2001 08:09:07 -0400 Reply-To: "Turner, Keith" <TurnerL@TEA-EMH1.ARMY.MIL> From: "Turner, Keith" <TurnerL@TEA-EMH1.ARMY.MIL> X-To: "railwayclubposse@HUSHMAIL.COM" <railwayclubposse@HUSHMAIL.COM> To: BUGTRAQ@SECURITYFOCUS.COM This is from another list I receive. It explains this scenario rather well. Keith --------------------------------------------------- All IIS Administrators Please Read this Immediately --------------------------------------------------- I wanted to get this out right away. More info to follow. On many servers, the .printer mapping will automatically be reinstated when the IIS 5 server is rebooted. The Microsoft Bulletin at http://www.microsoft.com/technet/security/bulletin/MS01-023.asp states the following: - Servers on which the mapping for the Internet Printing ISAPI extension has been removed are not at risk from this vulnerability - The above statement is misleading. There is a local policy called "Web Based Printing" that can cause the .printer mapping to be automatically recreated even if manually removed. I have been able to regularly reproduce this on some servers, but not others. Research is happening now. I strongly advise that you apply the patch so in the event the .printer application mapping reappears without warning, you are secured. You can find the Web Based Printing policy in the Group Policy snap-in under Computer Configuration-Administrative Templates-Printers. Disabling web based printing results in a registry entry. HKLM\Software\Policies\Microsoft\windows NT\printers\DisableWebPrinting REG_DWORD 0x1 This entry must be set to 1 for the .printer mapping to reliably be disabled. Brett Hill www.iisanswers.com Please redistribute this information. ------------------------------------- -----Original Message----- From: railwayclubposse@HUSHMAIL.COM [mailto:railwayclubposse@HUSHMAIL.COM] Sent: Tuesday, May 01, 2001 6:35 PM To: BUGTRAQ@SECURITYFOCUS.COM Subject: Permanently remove iis printer mapping How do you permanently remove the .printer mapping in IIS5? If you remove it with the MMC tool it comes back (and so does the virtual directory) upon reboot. Free, encrypted, secure Web-based email at www.hushmail.com
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |