-
IIS KBs - January 2004
-
Published January 2004.
834452 Best practices with custom error pages
833891 How to resolve Retain in Memory and Unattended Execution problems in ActiveX controls that are running on IIS
824413 You receive an HTTP 500 error message for POST requests that are larger than 64 MB when you use NTLM authentication
-
Checklist: Securing Your Web Server
-
Secure your web server with this security checklist by Microsoft:
Checklist: Securing Your Web Server
http://msdn.microsoft.com/library/en-us/secmod/html/secmod104.asp
-
Book - Microsoft Internet Information Services (IIS) 6.0 Resource Kit
-
Name: Microsoft Internet Information Services (IIS) 6.0 Resource Kit
Publisher: Microsoft Press; (September 6, 2003)
ISBN: 0735614202
Author(s): The Microsoft IIS Team

-
Book - IIS 6 Administration
-
Name: IIS 6 Administration
Publisher: Osborne Pub; (April 10, 2003)
ISBN: 0072194855
Author(s): Mitch Tulloch
Description: Mitch Tulloch, MCT, MCSE, skillfully guides readers through the administration of Web service, security, application pools, performance, and much more. Learn valuable configuration, maintenance, and content management techniques, manage the FTP, SMTP, and NNTP services, and easily troubleshoot documentation and content development issues.

-
MS04-007
-
I strongly recommend that you patch your machine for the MS04-007 vulnerability. I just read another official warning from MS; it looks like there will be new worms and viruses against this very soon, so please patch your machine now:
---
The Services and Field Security Support Team is sending this alert to inform you of a possible change in the threat environment surrounding MS04-007. Specifically, we are aware that sample exploit code (also known as "Proof of Concept" code) has been made publicly available for the vulnerability addressed by MS04-007. This sample code only demonstrates a denial of service attack, it does not demonstrate remote code execution. In addition, we are aware of general increased activity around this vulnerability. We are not currently aware of any published sample exploit code that demonstrates remote arbitrary code execution.
We are NOT aware of any active attacks against the vulnerability addressed by MS04-007.
However, the presence of sample exploit code and heightened activity around this vulnerability does potentially change the threat environment because the existence of sample code can make it easier for an active exploit to be developed and released. We are therefore urging customers to immediately apply the security update to protect themselves from any possible exploits which may be developed.
Information on Microsoft Security Bulletin MS04-007 and its associated security update can be found here:
http://www.microsoft.com/technet/security/bulletin/ms04-007.asp
If you have any questions regarding this alert, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
---
For other details in February, you can get them here -
Bulletins Summaries:
Windows: http://www.microsoft.com/technet/security/bulletin/winfeb04.asp
Microsoft Macintosh Products:
http://www.microsoft.com/technet/security/bulletin/macfeb04.asp
-
MSF
-
Microsoft Solutions Framework, or MSF for short :)
I actually did quite a bit of study of this about 3 years ago at my ex-company and found it very nice indeed. A process guideline to build and deploy your top-notch solution.
Intro ...
MSF provides proven practices for planning, building, and deploying a variety of technology solutions, combining aspects of software design and development and building and deploying infrastructure into a single project lifecycle for guiding technology solutions of all kinds. MSF helps organizations achieve a delicate balance of flexibility while meeting commitments; speed while minimizing risk....
More detail - www.microsoft.com/msf/
And today I found this post in the MSF newsgroup: nice resource info + MSF Practitioner exam info.
http://weblogs.asp.net/lbarbieri/articles/MSF_Resources.aspx
FYI, I did plan to go for the exam last year.. but then again busy + lazy :)
-
IE Security Update - http://support.microsoft.com/?id=834489
-
On 3/2/04 - Microsoft released the IE patch...
http://www.microsoft.com/technet/security/Bulletin/MS04-004.asp
Many complain that it violates the RFC spec.... I think the RFC is not clear; here are some experts' views -
Michael Howard -
http://blogs.msdn.com/michael_howard/archive/2004/02/04/67622.aspx
Jerry Bryant -
http://msmvps.com/secure/posts/2259.aspx