• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft IIS UNC Mapped Virtual Host Vulnerability

Solution:
Microsoft has released patches which rectify this issue. It should be noted that Proxy Server, Site Server, Site Server Commerce Edition and Microsoft Commercial Internet System run atop IIS. Customers using these products should apply the patch appropriate for the version of IIS they are running.


Microsoft IIS 4.0 alpha

• Microsoft Q249599
  http://download.microsoft.com/download/iis40/Patch/4.2.736.1/ALPHA/EN- US/uncsec4a.exe

Microsoft IIS 4.0

• Microsoft Q249599
  http://download.microsoft.com/download/iis40/Patch/4.2.736.1/NT4/EN-US /uncsec4i.exe

Microsoft IIS 5.0

• Microsoft Q249599
  http://download.microsoft.com/download/win2000platform/Patch/Q249599/N T5/EN-US/Q249599_W2K_SP1_X86_en.EXE