ISAPI Patch and WindowsUpdate

Daniel G. Epstein depstein at
Fri Jul 20 02:48:24 GMT 2001

Hey all,

Just an additional note here, the updater application at does not seem to display the relevant 
patch, Q300972, as being necessary for a system that is not running either 
the Index Server or Indexing Service.  However default installations of 
both IIS 4 and 5 are still vulnerable to this exploit even if the service 
is not installed.  Therefore, the patch must be downloaded from the actual 
KB site, which many users will not visit.  Interestingly, they also say you 
must reinstall this patch every time you update the system.  Maybe this 
will properly be fixed in SP3.



A boast of "I have been's,"   | Daniel G. Epstein
quoted from foolscap tomes,   | Network Security Officer,
is a shadow brushed away      | Network Security & Enterprise
by an acorn from an oak tree, |  Network Systems Administration
or a salmon in a pool.        | NSIT, The University of Chicago
                               | depstein at

For PGP key see

More information about the unisog mailing list