IIS 5.0 and disabling the indexing service.

IIS 5.0 and disabling the indexing service.

am 03.10.2007 15:46:03 von criechton

I had a scan done to my server and this came up.

"Microsoft Internet Information Server Hit Highlighting Authentication
Bypass Vulnerability"

The suggested fix is to upgrade to IIS6.0 , I can't because it's Win2000 std
svr, it also says to disable the indexing service.. How do I do this?

Thank you

Re: IIS 5.0 and disabling the indexing service.

am 03.10.2007 17:12:28 von Roger Abell

If you cannot upgrade to IIS 6 then you should use IISlockdown and
the update to URLscan (2.6 if I recall right). These can be used to
disable access to any of the extensions including those the scan showed
open for hit highlighting. The problem is I am not sure where you can
get the old IISlockdown and URLscan update any more (they seem to
have been removed from Microsoft downloads).

The Indexing Service is listed as that in the services.msc UI

Roger

"criechton" wrote in message
news:7BA945DB-9DE1-4EC1-83E0-06EF57BBC4DE@microsoft.com...
>I had a scan done to my server and this came up.
>
> "Microsoft Internet Information Server Hit Highlighting Authentication
> Bypass Vulnerability"
>
> The suggested fix is to upgrade to IIS6.0 , I can't because it's Win2000
> std
> svr, it also says to disable the indexing service.. How do I do this?
>
> Thank you