|
NT IIS MDAC RDS Vulnerability
Solution: If you have MDAC 1.5 or 2.x installed on the IIS server and DO NOT need MDAC functionality, perform the following: --Delete the /msadc virtual directory in IIS, or --Remove the following registry keys and all of their subkeys on the IIS server: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.DataFactory HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\VbBusObj.VbBusObjCls If you need MDAC capabilties, you should: --Install the latest version of MDAC 2.1.2.4202.3 (GA) (also known as MDAC 2.1 SP2) from: http://www.microsoft.com/data/download.htm --Disable Anonymous Access to the /msdac virtual directory --Create a Custom Handler to filter incoming requests. More information on this is available at: http://www.microsoft.com/Data/ado/rds/custhand.htm these changes have been placed in a registry file: http://www.microsoft.com/security/bulletins/handsafe.exe this file implements the following Registry keys: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo "handlerRequired"=dword:00000001 "DefaultHandler"="MSDFMAP.Handler" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList\MSDFMAP.Handler HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList\MSDFMAP_VB.Handler HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList\MSDFMAP_VC.Handler --Remove all sample pages. |
|
|
Privacy Statement |
