Administrators are encouraged to implement URLScan to limit the lengths of URLs passed to the IIS system. TruSecure recommends the following settings:
If longer strings are required, the values can be adjusted. TruSecure recommends that the maximum length not exceed 2,048 bytes.
Administrators can also adjust the value of the following registry key:
This registry setting controls the buffer size for all data passing through the IIS system and could affect services such as Outlook Web Access (OWA) or file uploads. Microsoft IIS 5.0 sets this value at 128 KB, and TruSecure believes that this modification is useful only if the value is set for less than 2 KB.
Additional information regarding this modification is outlined in Microsoft Knowledge Base Article 260694.
Running the Lockdown tool and URLScan tool can cause operational problems on some web servers. Administrators can manually disable WebDAV following the instructions included in Microsoft Knowledge Base Article 241520.
Systems running a version of ntoskrnl.exe prior to Windows 2000 SP3, but after Windows 2000 SP2, may not be compatible with the patch released in MS03-007. These versions of ntoskrnl.exe include 5.0.2195.4797 through 5.0.2195.4928 inclusive.
A system with these versions of ntoskrnl.exe will report as a Windows 2000 SP2 system when the operating system version is checked. The ntoskrnl.exe version can only be distinguished from other SP2 systems by checking the file details.
Users should check their ntoskrnl.exe version prior to updating. The version can be obtained through the following process:
- Open %Windows%\System32
- Right-click the file ntoskrnl.exe
- Select the Properties option
- Select the Version tab
If updating the system with a version of ntoskrnl.exe distributed from PSS, contact PSS before applying the patch. Contact information for PSS can be found at the following link: Microsoft Support. However, Microsoft strongly encourages users to upgrade to SP3 to avoid this issue altogether. Users with vulnerable versions are advised to upgrade to Windows 2000 SP3 prior to applying the MS03-007 patch.
The incompatible versions of ntoskrnl.exe were only available through Microsoft PSS. However, there are also 12 unspecified hotfixes that could cause the STOP error. These could have been obtained through the use of Windows Update. If administrators have configured Windows Update to automatically download and install updates from Microsoft, they are strongly encouraged to halt scheduled updates and check the current version of ntoskrnl.exe. If the version is one of the incompatible versions, administrators are strongly encouraged to upgrade to Windows 2000 SP3 before installing the patch from MS03-007.
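
The manual version check can also be run against a copy of ntoskrnl.exe pulled from each server, which helps when many systems have to be reviewed before patching. The following Python is an added example, not part of the original advisory or any Microsoft tool. It locates the file's VS_FIXEDFILEINFO block by signature instead of walking the resource directory (a simplification), reads both bounds of the incompatible range as 5.0.2195.x, and uses hypothetical function names and constructed sample input.

```python
import struct

# VS_FIXEDFILEINFO.dwSignature (0xFEEF04BD), little-endian as stored in the version resource
FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)
# Incompatible range from the advisory, both bounds read as 5.0.2195.x (assumption)
INCOMPATIBLE_LOW = (5, 0, 2195, 4797)
INCOMPATIBLE_HIGH = (5, 0, 2195, 4928)


def file_version(pe_bytes):
    """Return (major, minor, build, private) from the first VS_FIXEDFILEINFO, or None."""
    pos = pe_bytes.find(FFI_SIGNATURE)
    while pos != -1:
        if pos + 16 <= len(pe_bytes):
            struc_ver, ms, ls = struct.unpack_from("<III", pe_bytes, pos + 4)
            # dwStrucVersion is 0x00010000 in a real block; anything else is a chance byte match
            if struc_ver == 0x00010000:
                return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = pe_bytes.find(FFI_SIGNATURE, pos + 1)
    return None


def classify(version):
    """Map a file version to the action the advisory gives for it."""
    if version is None:
        return "unknown: no version resource found, check the file manually"
    if INCOMPATIBLE_LOW <= version <= INCOMPATIBLE_HIGH:
        return "incompatible: upgrade to Windows 2000 SP3 before applying MS03-007"
    return "not in the incompatible range"


def check_kernel(path):
    """Read a copy of ntoskrnl.exe and return (version, verdict)."""
    with open(path, "rb") as fh:
        version = file_version(fh.read())
    return version, classify(version)


def sample_image(major, minor, build, private):
    """Constructed test input: padding plus a minimal VS_FIXEDFILEINFO header, not a real PE."""
    ms, ls = (major << 16) | minor, (build << 16) | private
    return b"MZ" + b"\x00" * 62 + FFI_SIGNATURE + struct.pack("<III", 0x00010000, ms, ls)


if __name__ == "__main__":
    for v in [(5, 0, 2195, 4797), (5, 0, 2195, 5438), (5, 0, 2195, 4700)]:
        found = file_version(sample_image(*v))
        print(".".join(map(str, found)), "->", classify(found))
```

A file that returns "unknown" should still be checked by hand through the Version tab before the patch is scheduled.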