(this email has also been sent to ntbugtraq)
Hello people!
Am I missing something here, or are there something wrong with MS99-025faq
(www.microsoft.com/security/bulletins/MS99-025faq.asp) ?
The registry keys we're asked to manually remove are these (may be wrapped):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\
Parameters\ADCLaunch\RDSServer.DataFactory
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\
Parameters\ADCLaunch\AdvancedDataFactory
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\
Parameters\ADCLaunch\VbBusObj.VbBusObjCls
while the downloadable registry file we're asked to double-click
(www.microsoft.com/security/bulletins/handunsf.exe) contains these
adjustments (may be wrapped):
------------------cut here----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo]
"handlerRequired"=dword:00000000
"DefaultHandler"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\
safeHandlerList]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\
safeHandlerList\MSDFMAP.Handler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\
safeHandlerList\MSDFMAP_VB.Handler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataFactory\HandlerInfo\
safeHandlerList\MSDFMAP_VC.Handler]
----------------and cut here-------------
I happily comitted the manual changes, then downloaded the reigistry file
just to be sure I hadn't let anything out. None of the keys in this .reg
file exists on my webserver. I guess they indirectly might do the same
service as the manual changes... but why the difference?
cheers,
:-) bblarsen
