Microsoft Fixes IE, NT Bugs
- By Scott Bekker
- December 10, 1999
Microsoft released one patch to block an exploit that allows a Web site operator to view files on visiting users' computers and another patch to fix a
bug that can cause a Windows NT machine to stop responding to service requests without appearing to crash.
The Web vulnerability is found in Internet Explorer versions 4.01, 5, and
5.01. To access a file on a Web site visitors' machine, a malicious Web site
operator must know the name and location of the file. The exploit takes
advantage of timing conditions to bypass Internet Explorer security
restrictions when it executes a server-side redirect from a client window the
Web server is permitted to view to a client-local file it is not supposed to be
able to access. The patch is available at http://www.microsoft.com/windows/ie/security/servredir.asp.
The other attack, which comes in the form of a malformed argument supplied
to a resource enumeration request, causes a cascade of failures that leave the
system running but not in service. The Windows NT Service Control Manager fails
first, causing named pipes to fail, which then prevent many other types of
system services from operating. The situation requires a reboot.
Microsoft offers a few workarounds including blocking NetBios requests at
the firewall and disabling anonymous logons for null sessions to submit
The x86 patch is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16382.
The Alpha patch is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16383.
Microsoft is working on a patch for Windows NT 4.0, Terminal Server Edition. --
Scott Bekker is editor in chief of Redmond Channel Partner magazine.