Microsoft IIS Unicode .asp Source Code Disclosure Vulnerability

Solution:
Taken from the VIGILANTE security advisory:

"The Microsoft Security Response Center has investigated the report, but we note that the problem as reported would only affect an IIS server that has been configured to use a FAT volume. However, by design, FAT doesn't provide a security mechanism, and it's never an appropriate file system to use on a production web server. Instead, as discussed in Microsoft's best practices guides and security checklists (http://www.microsoft.com/technet/security/tools.asp), production servers should always use NTFS volumes. The reported problem does not affect systems using NTFS".

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.



 

Privacy Statement
Copyright 2010, SecurityFocus