------=_NextPart_000_0055_01C32912.15F82540
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In SPI Dynamics own advisory it mentions that IIS will restart itself -
whilst this is true, by supplying a specific number of bytes, we can
terminate all the threads, but leaving INETINFO still alive. Despite
INETINFO not dying, the process will no longer serve any requests.
This provides a more effective denial of service attack as the administrator
would be required to restart the service manually.
Again, if you have not yet patched your servers, the patch can be obtained
at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-018.asp
Regards
Mark Litchfield
NGS Software Ltd
http://www.ngssoftware.com/
Tel: +44 208 40 100 70 (London)
Tel: +44 1241 431 267
Mobile: +44 790 069 5236
Email: mark@ngssoftware.com
------=_NextPart_000_0055_01C32912.15F82540--
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
