NT IIS MDAC RDS Vulnerability

Solution:
If you have MDAC 1.5 or 2.x installed on the IIS server and DO NOT need MDAC functionality, perform the following:
--Delete the /msadc virtual directory in IIS, or
--Remove the following registry keys and all of their subkeys on the IIS server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.DataFactory
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\VbBusObj.VbBusObjCls

If you need MDAC capabilties, you should:
--Install the latest version of MDAC 2.1.2.4202.3 (GA) (also known as MDAC 2.1 SP2) from:
http://www.microsoft.com/data/download.htm
--Disable Anonymous Access to the /msdac virtual directory
--Create a Custom Handler to filter incoming requests. More information on this is available at:
http://www.microsoft.com/Data/ado/rds/custhand.htm
these changes have been placed in a registry file:
http://www.microsoft.com/security/bulletins/handsafe.exe
this file implements the following Registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo
"handlerRequired"=dword:00000001
"DefaultHandler"="MSDFMAP.Handler"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList\MSDFMAP.Handler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList\MSDFMAP_VB.Handler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList\MSDFMAP_VC.Handler

--Remove all sample pages.



 

Privacy Statement
Copyright 2010, SecurityFocus