Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
•	March debut of 'iPad 3' a sure bet, says analyst
•
•	FBI unbolts Steve Jobs 1991 investigation file
•	Cisco boosted profit, sales in Q2 while cutting costs
•	Four crazy tech ideas from Google's Solve for X project
•	Obama 2012 campaign playlist revealed courtesy of Spotify
•	Oracle buying Taleo for US$1.9 billion in direct hit at SAP
•	Amazon attacks Apple: You get 3 Kindle products for price of iPad 2
•	Pre-rendered pages highlight latest Google Chrome release
•	Microsoft exec: Lync-Skype integration a 'compelling opportunity'
•	The future of hypervisors
•	Microsoft mobile CRM clients may mean more productivity
•	Windows 8 strives for optimal battery life
•	Macs take on the enterprise
•	More breaking news

/

Ask Dr. Intranet

By Steve Blass
Network World, 04/24/00

We use Windows NT Web servers for our intranet, extranet and Web site. We read about a Microsoft Web server in The Wall Street Journal on April 14. What is the problem, and how do we protect our Web servers?

The Journal reported that Microsoft was investigating a claim by two computer experts who said they discovered a password hidden in the Dvwsrr. dll file, which is part of the Front Page 98 Extensions. The file contains the string "!seineew era sreenigne epacsteN" (read it backwards), but it isn't a backdoor password: It is an obfuscation key used to scramble Web server requests. A Microsoft Security Bulletin, available at www.microsoft.com/technet/security/bulletin/ms00-025.asp, describes a buffer-overrun vulnerability in this Visual Interdev 1.0 component installed as part of the Front Page 98 Server Extensions. It is used by Web authors to generate and view Web site maps.

To eliminate the vulnerability, remove the Dvwssr.dll file located by default in the folder '_vti_bin\_vti_aut'. Web servers affected are those built with NT 4.0 Option Pack, Personal Web Server 4.0 or the Front Page 98 Server Extensions. Windows 2000 Web servers, Front Page 2000 Server Extensions, Office 2000 Server Extension and Unix versions of the Front Page Server Extensions do not have this vulnerability.

RELATED LINKS

As a network architect at Change at Work in Houston, Blass understands the strain of developing and managing networks. Send your problems to dr.internet@changeatwork.com

Ask Dr. Internet archive
Past columns.

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.