Bugtraq mailing list archives

Re: Update to ODBC/RDS vulnerabilities (followup)


From: rfp () WIRETRIP NET (rfp () WIRETRIP NET)
Date: Wed, 22 Sep 1999 22:07:28 -0500


Alrighty, well I finally got back home to double check everything.
Unfortunately, and not on purpose, I destroyed the evidence last night.
:)  I wiped two of my server installs in preparation for installation of a
new project...last night was one last 'look' at the IIS/ODBC setup before
I formatted and put on different softwares.  So, unfortunately, I cannot
verify what I found last night.  That said, I'm willing to retract it,
because what Mr. LeBlanc says is obviously right, and makes sense.
Somehow, somewhere, I had a botch that must have been me-specific.  So
that means the changes to that note are basically that users have to be on
the box, and if you have users logging into your IIS server, you have
other problems. :)  I suppose a user could use this tactic to gain local
administrator via PWS or something similar.  Just a thought.

The UNC for the file in the RDS/ODBC thing still stands tho, even with the
catches Mr. LeBlanc pointed out.

One big mystery,
.r.f.p.

