Dailydave mailing list archives
Re: LLSSRV Redux
From: Todd Sabin <tsabin () optonline net>
Date: Thu, 17 Mar 2005 15:04:57 -0500
Dave Aitel <dave () immunitysec com> writes:
With regards to the LLSSRV advisory Immunity published yesterday, we would like to issue a clarification. There are two ways to get SP4 onto a Windows 2000 Advanced Server machine, as follows: 1. Download SP4 from microsoft.com via networked or express install 2. Obtain and install a Windows 2000 Advanced Server CD or CD image that includes SP4. This is available from the MSDN CD packages or online download site. You may also have obtained such a CD from a vendor or retailer. The second way is vulnerable; the first way is not.
This suggests that the important difference is not W2K Advanced Server vs plain W2K Server, but whether you manually applied SP4 or not. Presumably, you could also get a W2K Server install that also includes SP4, and that would be vulnerable, too. (I haven't tested this, of course.) -- Todd Sabin <tsabin () optonline net> _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- LLSSRV Redux Dave Aitel (Mar 17)
- Re: LLSSRV Redux Todd Sabin (Mar 17)