NT IIS MDAC System Privileges Vulnerability

[_/info\_] [_/discussion\_] [_/exploit\_] [_/solution\_] [_/credit\_] [_/help\_]

Install the latest version of MDAC 2.1.2.4202.3 (GA) (also known as MDAC 2.1 SP2) from:
http://www.microsoft.com/data/download.htm
and then consider the following:

If you have MDAC 1.5 or 2.x installed on the IIS server and DO NOT need MDAC functionality, perform
the following:
--Delete the /msdac virtual directory in IIS, or
--Remove the following registry keys and all of their subkeys on the IIS server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.DataFactory
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\VbBusObj.VbBusObjCls

If you need MDAC capabilties, you should:
--Disable Anonymous Access to the /msdac virtual directory
--Create a Custom Handler to filter incoming requests. More information on this is available at:
http://www.microsoft.com/Data/ado/rds/custhand.htm
these changes have been placed in a registry file:
http://www.microsoft.com/security/bulletins/handsafe.exe
this file implements the following Registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo
"handlerRequired"=dword:00000001
"DefaultHandler"="MSDFMAP.Handler"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList\MSDFMAP.Handler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList\MSDFMAP_VB.Handler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\safeHandlerList\MSDFMAP_VC.Handler

           Copyright 1999 Security-Focus.Com, All Rights Reserved
                                disclaimer