Subject: Re: More information on MS00-044
From: Eric (ews TELLURIAN.NET)
Date: Fri Aug 04 2000 - 14:31:24 CDT
The eEye .htr exploit was patched in June/July of 1999. Bulletin
referencing patch here:
http://www.microsoft.com/technet/security/bulletin/ms99-019.asp
Two separate HTR vulnerabilities were released this year and have been
discussed and patched in Bulletins MS00-031 and MS00-044. All fixes from
MS00-031 were rolled up and included in the MS00-044 patch (for more info,
look at the FAQ for MS00-044:
http://www.microsoft.com/technet/support/kb.asp?ID=267560)
You can either disable HTR, or, if you need it, you can apply the patch
referenced in MS00-044
(http://www.microsoft.com/technet/security/bulletin/MS00-044.asp) so you
can continue to use .htr in a more secure manner.
At 11:49 AM 8/4/2000 -0700, HB3^ wrote:
>For more information on the '*.htr' exploit look into iishack.asm written by
>eEye last summer.
>I'm not sure if MS has issued a patch for this vulnerability, instead they
>issued a security advisory that told users who didn't use '*.htr' files to
>remove the file mapping from IIS.
>
>
>-----------------------------------------------------------
>HB3^ - Network Administrator, MCP, Security Consultant
>
>"Every System has a Limit" - HB3^
>
>http://www.node.bc.ca - Node Solutions Inc.
>Specializing in Networking, Security and Web Development
>-----------------------------------------------------------