The risk is NOT minimal. I don't know why you think it is, but I still go
through my logs every now and then and see significant Nimda-like attack
attempts. This specific feature (called Allowdotinpath in pre-IIS6 URL-speak)
is now handled by http.sys itself, so the only way to defeat it is for
Heck we've seen a couple of junk emails in the last couple of days get
stuck in Outlook/OWA and we've had to use Exchange edit tools to muck it
out of there [and if the STUPID blog was working I could point you to
the post that links to the tool but since it's NOT and I CAN'T...grumble
Subject: RE: [ActiveDir] OT:[DenyUrlSequences] Outlook Web Access.
The risk is NOT minimal. I don't know why you think it is, but I still go
through my logs every now and then and see significant Nimda-like attack
attempts. This specific feature (called Allowdotinpath in pre-IIS6 URL-speak)
is now
is the Tomorrow you were worried about
Yesterday? -anon
From: [EMAIL PROTECTED] on behalf of Ken Schaefer
Sent: Thu 11/17/2005 8:47 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT:[DenyUrlSequences] Outlook Web Access.
I'm confused here.
First you say
-
From: [EMAIL PROTECTED]
Date: Thu, 17 Nov 2005 18:34:03
To:ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT:[DenyUrlSequences] Outlook Web Access.
The risk is NOT minimal. I don't know why you think it is, but I still go
through my logs every now and then and see significant Nimda-like