[thelist] More on the .printer buffer overflow...

Anthony Baratta Anthony at Baratta.com
Thu May 3 18:53:57 CDT 2001


---------------------------------------------------
All IIS Administrators Please Read this Immediately
---------------------------------------------------
I wanted to get this out right away. More info to follow.

On many servers, the .printer mapping will automatically be reinstated when
the IIS 5 server is rebooted.


The Microsoft Bulletin at
http://www.microsoft.com/technet/security/bulletin/MS01-023.asp states the
following:
-
Servers on which the mapping for the Internet Printing ISAPI extension has
been removed are not at risk from this vulnerability
-
The above statement is misleading.

There is a local policy called "Web Based Printing" that can cause the
.printer mapping to be automatically recreated even if manually removed. I
have been able to regularly reproduce this on some servers, but not others.
Research is happening now. I strongly advise that you apply the patch so in
the event the .printer application mapping reappears without warning, you
are secured.

You can find the Web Based Printing policy in the Group Policy snap-in under
Computer Configuration-Administrative Templates-Printers. Disabling web
based printing results in a registry entry.
HKLM\Software\Policies\Microsoft\windows NT\printers\DisableWebPrinting
REG_DWORD 0x1
This entry must be set to 1 for the .printer mapping to reliably be
disabled.

Brett Hill
www.iisanswers.com

Please redistribute this information.
-------------------------------------





More information about the thelist mailing list