Why to upgrade to: Front Page 2000 Server Extensions 1.2

[info () IS-WATCH NL (Dimitri van de Giessen)]

Why to upgrade to: Front Page 2000 Server Extensions 1.2
********************************************************

Many user's use frontpage server extensions. But why should 
they upgrade to 1.2? Well...We and according to microsoft 
other company's also, found faults in shtml.dll

First of all internet user's can see your path's. This is 
very simple. Just do: 
www.site.com/_vti_bin/shtml.dll/nosuch.htm
Cannot open "D:\Inetpub\virtuals\powerasp\nosuch.htm": no 
such file or 
folder. 
You'll see the path now. This is not handy as you know. 

The second thing we also found is that if you make enough 
connections to shtml.dll than the server goes to 100%
We've got a screenshot of this handle.

Microsoft knows the problems and they're fixing it in Front 
Page 2000 Server Extensions 1.2

The screenshot's are made on a Windows 2000 machine.
****************************************************

Screenshot's:
http://www.is-watch.nl/inetinfo.gif
http://www.is-watch.nl/100.gif
http://www.is-watch.nl/microsoft.jpg <- Microsoft used also 
sample files on www.microsoft.com :-) (they are now gone)

Response of microsoft about the DoS attack:
*******************************************

-----Oorspronkelijk bericht-----
Van: Microsoft Security Response Center 
[mailto:secure () microsoft com] 
Verzonden: dinsdag 6 juni 2000 4:34
Aan: 'Internet Security Watch'
Onderwerp: RE: DoS attack shtml.dll

Hi Dmitri -

I knew there was something familiar about this issue!  I 
checked our
logs, and it turns out that this is fixed in the web 
release of Front
Page 2000 Server Extensions 1.2, which is due to be 
released to the web
any day now.  Thanks again for writing!

Secure () microsoft com

About Internet Security Watch 
*********************************
We are a company that test the 
security of a company on request. 
www.is-watch.nl 
info () is-watch nl 
PGP: www.is-watch.nl/pgp-info.asc
---------------------------------