FRAMINGHAM (04/24/2000) - We use Windows NT Web servers for our intranet, extranet and Web site. We read about a Microsoft Corp. Web server in The Wall Street Journal on April 14. What is the problem, and how do we protect our Web servers?
The Journal reported that Microsoft was investigating a claim by two computer experts who said they discovered a password hidden in the Dvwssr.dll file, which is part of the Front Page 98 Extensions. The file contains the string "!seineew era sreenigne epacsteN" (read it backwards), but it isn't a backdoor password: It is an obfuscation key used to scramble Web server requests. A Microsoft Security Bulletin, available at www.microsoft.com/technet/security/bulletin/ms00-025.asp, describes a buffer-overrun vulnerability in this Visual Interdev 1.0 component installed as part of the Front Page 98 Server Extensions. The component is used by Web authors to generate and view Web site maps.
To eliminate the vulnerability, remove the Dvwssr.dll file located by default in the folder '_vti_bin\_vti_aut'. Web servers affected are those built with NT 4.0 Option Pack, Personal Web Server 4.0 or the Front Page 98 Server Extensions. Windows 2000 Web servers, Front Page 2000 Server Extensions, Office 2000 Server Extension and Unix versions of the Front Page Server Extensions do not have this vulnerability.
Blass is a network architect at Sprint Paranet in Houston. He can be contacted at email@example.com.
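
To check that the removal described above reached every web on a server, including copies outside the default '_vti_bin\_vti_aut' folder, this added example (not from the column or from Microsoft) inventories Dvwssr.dll under the content roots you pass in. The `C:\Inetpub\wwwroot` default, the parameter names and the `-Remove` switch are assumptions of this example.

```powershell
# Added example: inventory (and optionally remove) copies of Dvwssr.dll.
# Run with -WhatIf first to see what -Remove would delete.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed default content root; pass the roots your server really uses.
    [string[]]$WebRoots = @('C:\Inetpub\wwwroot'),
    # Hypothetical switch: delete each copy found instead of only reporting it.
    [switch]$Remove
)

# Default folder named in the column; copies elsewhere are still reported.
$defaultSuffix = '_vti_bin\_vti_aut'

foreach ($root in $WebRoots) {
    if (-not (Test-Path -LiteralPath $root -PathType Container)) {
        Write-Warning "Web root not found: $root"
        continue
    }

    # -Filter is matched by the file system, so the name is case-insensitive.
    Get-ChildItem -LiteralPath $root -Recurse -Force -File `
                  -Filter 'dvwssr.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $inDefault = $_.DirectoryName.EndsWith(
                $defaultSuffix, [System.StringComparison]::OrdinalIgnoreCase)

            # One record per copy, so the output can be exported or compared.
            [pscustomobject]@{
                Path            = $_.FullName
                DefaultLocation = $inDefault
                Length          = $_.Length
                LastWriteTime   = $_.LastWriteTime
            }

            if ($Remove -and
                $PSCmdlet.ShouldProcess($_.FullName, 'Remove Dvwssr.dll')) {
                Remove-Item -LiteralPath $_.FullName -Force
            }
        }
}
```

Rows with `DefaultLocation` set to `False` are copies outside the default folder; a second run that returns nothing confirms the removal.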