Why run IIS on Windows XP?

http://ingehenriksen.blogspot.com discovered a Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit on Friday the 16th.
This lends to the debate whether or not a webserver on a desktop PC is a good idea. Obviously, developers have a strong opinion here, so consider the following: run IIS as localhost only, use Windows Firewall to block all web ports, and disable SMTP and Front Page extensions. Disabling Front Page extensions will prevent the above exploit even if the Windows Firewall is off.


Popular posts from this blog

toolsmith #115: Volatility Acuity with VolUtility

Toolsmith Tidbit: XssPy

Toolsmith Release Advisory: Malware Information Sharing Platform (MISP) 2.4.52