[22439] in bugtraq
Re: WIN2000 and IIS
daemon@ATHENA.MIT.EDU (Marc Fossi)
Mon Aug 27 18:37:58 2001
Date: Mon, 27 Aug 2001 16:21:18 -0600 (MDT)
From: Marc Fossi <mfossi@securityfocus.com>
To: Margaret CTR Rhodes <Margaret.CTR.Rhodes@faa.gov>
Cc: <bugtraq@securityfocus.com>, <focus-ms@securityfocus.com>
In-Reply-To: <0108279989.AA998934252@faa.gov>
Message-ID: <Pine.GSO.4.30.0108271610050.8037-100000@mail>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
I tested this here in the lab.
Fresh install of Windows 2000 Advanced Server onto a 5gig clean NTFS
partition. I accepted all the default settings. During installation,
when I was asked to select installation components, I unchecked IIS and
continued with installation.
After installation was complete, I checked Services and found no IIS
services to be installed or running.
To test a suggestion someone else had made to Focus-MS, I went into
Add/Remove Programs and selected Add/Remove Windows components. From
there, I went into the Networking Components list and checked COM Internet
Services Proxy. When I clicked Ok and was back at the top-level component
selection screen, IIS had automatically been checked off. If I attempted
to uncheck IIS, a message dialog popped up stating that another component
I was trying to install was dependant on IIS and listed COM Internet
Services Proxy as the component.
I don't believe that this is a bug or a vulnerability, just something to
pay attention to when installing any software or components.
Marc Fossi, MCSE
SecurityFocus
www.securityfocus.com
On Mon, 27 Aug 2001, Margaret CTR Rhodes wrote:
> This may be a subject answered in the past, but I haven't seen anything on it
> lately.
>
> Yesterday, our systems administrator, Mike Miller of RS Information Systems,
> loaded Win2000 on a server and deselected IIS. Despite this, IIS loaded anyway
> with no notification that the deselection had been ignored. He tried this a
> couple of times and our Incident Response team is testing it now. The only way
> he knew that it loaded was that he went in and checked the list of services--and
> there it was!
> Is there any information out there about this on any version of W2K?
>
> There were several people out there that may not have put the patch on because
> they deselected IIS--and then were hit with Code Red.
>
> Here is the configuration of the machine.
>
> It's a Gateway E-5200
> Processor - Pentium III 600 MHZ
> Memory - 256 MB
> Adaptec 29160 Controller
> Hard Drive - IBM DMVS 18.2 GB
> Nic - 3C905c
> Win2000 Basic
>
> Maggie Rhodes
> ISS Analyst
> RS Information Systems
>
>
>
