Post reply

Message icon:

Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

shortcuts: hit alt+s to submit/post or alt+p to preview

Topic Summary

Posted by: Amker
« on: 08. June 2007., 20:31:14 »

MICROSOFT IS showing all comers how to hack into its Internet Information Server and is not giving any hints how to work around the problem.
The Vole says an exploit, which was discovered on December 15, 2006, and made public at the end of May, is actually a feature.

Apparently versions 5.x allow bypass of basic authentication by using the "hit highlight" feature. The hit-highlighting feature can be used by an unauthorised user to nick documents.

The Internet Storm Centre says that hackers have not used this exploit to take over systems to date, that could well change. Especially now we've told them about it.

The Vole has written up the problem in its Knowledge Base article 328832. Apparently, hit-highlighting with Webhits.dll only relies on the Microsoft Windows NT ACL (Access Control List) configuration on 5.x versions.

Security experts are a bit stunned at the Volish attitude. Rather than supply a patch or workaround, Microsoft published six steps to reproduce the exploit. In otherwords Vole is telling the world how to exploit products being used by their customers.

The official Volish line is that all users should upgrade to IIS (Internet Information Services) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security.

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising