1

We are a .Net developer shop. Our client pretty much looks after their servers in house but can sometimes need some assistance. They are running 2003 R2 (x86) SP1 servers. With regards to the ASP.NET vunerability:

http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx

http://support.microsoft.com/kb/2418042

I can not find any information that talks directly about SP1 for 2003. I get the feeling that it is either doesn't effect, or more likely can not be patched until you are at at least SP2. Does anyone know what the situation is please?

Thanks

Jon
  • 353
  • 2
  • 8
  • 20

1 Answers1

1

It looks like Server 2003 R2 SP1 is not mentioned because it is outside of the MS support lifecycle. It may be actually be affected by the vulnerability but it's hard to tell.

How challenging would it be for your client to update their server?

shiitake
  • 379
  • 1
  • 7
  • it sends a shiver down my spin at the thought of getting them to go through the upgrade process... Makes sense why they do not mention it though. I presume it wouldn't install on SP1? Thx – Jon Oct 06 '10 at 17:20
  • 1
    I doubt it would install and you'll probably end up with a horribly unstable system if you manage to trick it into doing so. – Rob Moir Oct 06 '10 at 18:34
  • Jon - my original wording was something along the lines of "Looksl ike you might be in the unenviable position of asking your client ot update their server". Maybe you could recommend hacking their project up in Perl. ;) – shiitake Oct 06 '10 at 18:54