[thelist] new NT exploit and bug fix....
Anthony Baratta
Anthony at Baratta.com
Mon Oct 23 13:14:48 CDT 2000
If you are running NT 4.0 or NT 2K, make sure you get the latest hot fix
for both. There is a URL exploit that allows a use to traverse your
directory tree. Initially this was considered an international UNICODE
problem, however exploits are appearing on ButTraq that show this bug is in
the US/English versions as well.
http://www.microsoft.com/technet/security/bulletin/MS00-078.asp
Note: The IIS 4.0 patch can be installed on systems running Windows NT® 4.0
Service Packs 5 and 6a. It will be included in Windows NT 4.0 Service Pack
7. The IIS 5.0 patch can be installed on systems running either Windows®
2000 Gold or Service Pack 1. It will be included in Windows 2000 Service
Pack 2.
Also this fix is listed as a hot patch from August even though this bug was
reported just recently.
I don't normally raise the rabble on bug issues, but this one appears to be
pretty nasty.
----
Anthony Baratta
President
Keyboard Jockeys
More information about the thelist
mailing list