Solved

Windows Server 2003 and URL Scan

Posted on 2014-04-21
8
1,426 Views
Last Modified: 2014-04-23
My company converted to McAffee server scans and it is flagging an event

Windows Server 2003 (Service Pack 2)  5182  Microsoft Internet Information Services Remote DoS   Microsoft Internet Information Services contains a vulnerability that may allow for remote denial-of-service attacks.   High      Microsoft Internet Information Server (IIS) is an industry-standard Web server for the Windows platform.

Microsoft Internet Information Services contains a vulnerability that may allow for remote denial-of-service attacks. A specially crafted request sent to the server may render it unresponsive."      CVE-2007-2897       "McAfee is currently unaware of a vendor-supplied patch or update (07/16/2013).

To mitigate the impact of this vulnerability, URLScan can be configured to filter URL requests that cause the denial of service. http://www.iis.net/downloads/microsoft/urlscan

I am wondering what impact this will have on my server if I add it.  It's an old server and I would hate to mess it up but I think they are going to force me to install it.
0
Comment
Question by:kdschool
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40012520
Any app increases CPU and RAM, thats depends of how many clients has your webserver, if your server has 1 connection per hour URLScan not work same as you have 2k connections.

Best practices recommends do on a lab test before live environment, you can clone your webserver and run on a virtual machine for testing purposes.
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40012603
you should have installed urlscan a long time ago.. it has minimal impact and prevents a lot of attacks including sql injection attacks.  Urlscan is a recommended best practice as defined by Microsoft
0
 

Author Comment

by:kdschool
ID: 40012667
When I install it will the default have any impact on who can access the site or will that only be impacted if I add URL's to be restricted.  I am not clear on how it works.
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 

Author Comment

by:kdschool
ID: 40012699
It looks like they have already addressed this with automatic updates?  This is a really old hardware server with very little memory left.  We are currently migrating to a new server so if I don't have to add anything at this point I think I would be better off.  Is this the right article for this item?

https://technet.microsoft.com/library/security/ms10-065
0
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40012760
have you run the Microsoft Baseline Security Analyzer? (MBSA) http://www.microsoft.com/en-ca/download/confirmation.aspx?id=7558
0
 

Author Comment

by:kdschool
ID: 40013045
This is a 32 bit server when I go to this page it's saying.  Will this work on a 32 bit OS?

MBSASetup-x64-EN.msi
0
 

Author Comment

by:kdschool
ID: 40013150
Never mind I found the x86 version will let you know when I install it.
0
 

Author Comment

by:kdschool
ID: 40013182
I ran this and scanned the server. Says everything is good,  no security updates missing and did not flag anything under vunerabilities.  Everything checked out ok.
0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
WebSite Direction 1 79
windows Server 2003 in 2017 10 109
Urgent domain controller problems 8 92
Domain hosting question about hiding URL 9 51
What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question