[thelist] new NT exploit and bug fix....

Anthony Baratta Anthony at Baratta.com
Mon Oct 23 13:14:48 CDT 2000

If you are running NT 4.0 or NT 2K, make sure you get the latest hot fix 
for both. There is a URL exploit that allows a use to traverse your 
directory tree. Initially this was considered an international UNICODE 
problem, however exploits are appearing on ButTraq that show this bug is in 
the US/English versions as well.


Note: The IIS 4.0 patch can be installed on systems running Windows NT® 4.0 
Service Packs 5 and 6a. It will be included in Windows NT 4.0 Service Pack 
7. The IIS 5.0 patch can be installed on systems running either Windows® 
2000 Gold or Service Pack 1. It will be included in Windows 2000 Service 
Pack 2.

Also this fix is listed as a hot patch from August even though this bug was 
reported just recently.

I don't normally raise the rabble on bug issues, but this one appears to be 
pretty nasty.

Anthony Baratta
Keyboard Jockeys

More information about the thelist mailing list