Server application vulnerabilities
- Remote control applications (pcAnywhere, VNC, WinXP, etc.) are useful, but a major security risk, even when configured properly.
- Personal Web Server, if not patched and configured properly (it is IIS with access limitations, but with the same security risks, including Code Red). See the Microsoft security patches site for PWS and IIS.
- FTP and Telnet server applications (add-on). Windows 2000 and XP have a Telnet server. Same problems.
- Countermeasures: limit or do not allow server applications (particularly Internet and remote control) on user machines. Close these ports in the firewall. If you need to run a Web server on Win9x, try Code(red) Hunter as a protection/detection system.
Denial of Service: DUN 1.3 patch (Win 95); Windows 98 and ME do not need the patch, but malformed requests can be a problem anyway. Use Win9x behind a user or site firewall to protect against attacks. Use detection software, like ActivePorts (seen previously).
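
To back up the countermeasures item and the detection advice above, the following added example (not part of the original notes) audits saved `netstat -an` output for listening ports of the server applications named in the list. The port numbers are the well-known defaults, reading "WinXP" as Remote Desktop on 3389 is an assumption, and the netstat sample is constructed.

```python
import re

# Well-known default TCP ports for the server applications named in the list.
# Mapping "WinXP" to Remote Desktop (3389) is an assumption; the notes do not say.
RISKY_PORTS = {
    21: "FTP server",
    23: "Telnet server",
    80: "Web server (PWS/IIS)",
    3389: "Remote Desktop (assumed meaning of 'WinXP')",
    5631: "pcAnywhere",
    5900: "VNC",
}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:23        0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.5:21         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Only TCP sockets in LISTENING state are servers; outbound client
# connections (ESTABLISHED to a remote port 21, for example) are ignored.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)

def find_listening_servers(netstat_text, risky=RISKY_PORTS):
    """Return (address, port, service, exposed) for each risky listening port."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr, port = m.group(1), int(m.group(2))
        if port in risky:
            # A listener bound only to loopback is not reachable from the network.
            exposed = not addr.startswith("127.")
            findings.append((addr, port, risky[port], exposed))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for addr, port, service, exposed in find_listening_servers(SAMPLE_NETSTAT):
        scope = "network-reachable" if exposed else "loopback only"
        print(f"{port:>5}  {service:<45} {addr}  [{scope}]")
```

Any port reported as network-reachable is a candidate for removing the server application or blocking the port at the firewall.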