Article ID: 217763
Article Last Modified on 3/29/2007
APPLIES TO
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows NT Server 4.0 Standard Edition
- Microsoft Personal Web Server 4.0
- Microsoft FrontPage 97 Standard Edition
- Microsoft FrontPage 98 Standard Edition
- Microsoft Windows 98 Standard Edition
- Microsoft Windows NT Workstation 4.0 Developer Edition
This article was previously published under Q217763
SYMPTOMS
When you use either Microsoft Personal Web Server or Microsoft FrontPage Personal Web Server (PWS) on a computer running Microsoft Windows 95, Windows 98, or Windows NT 4.0, it may be possible for an unauthorized user to read or copy files from your computer using basic Internet browser software. The unauthorized user must request the file using a specific, non-standard URL, and must know or correctly guess the name of the file. Files cannot be modified or deleted, and new files cannot be written to the server.
RESOLUTION
Windows NT Server or Workstation 4.0
This issue may affect two different products with similar names: Personal Web Server and FrontPage Personal Web Server.
- Personal Web Server is available as part of Microsoft Windows NT 4.0 Option Pack (NTOP), Windows 98, and Windows 95 OEM Service Release 2.
The Personal Web Server 4.0 program included with NTOP and the Windows 98 version of Personal Web Server 4.0 are affected by this issue.
The Personal Web Server program included with Windows 95 OEM Service Release 2 is not affected. No other version of Personal Web Server (on any platform) is affected.
- FrontPage Personal Web Server is available as part of FrontPage 1.1, FrontPage 97, and FrontPage 98 and is affected by this issue. However, FrontPage 97 and FrontPage 98 users may not have FrontPage Personal Web Server installed. By default, FrontPage 97 and FrontPage 98 install Personal Web Server 2.0, which is not affected by this issue.
How to Determine If You Are Using Personal Web Server 4.0
- Right-click the Personal Web Server icon on the right side of the taskbar, and then click Properties.
- If the Personal Web Manager dialog box appears, you have Personal Web Server version 4.0 installed and are affected by this issue. If the dialog box has any other title, you are not running PWS version 4.0 and you are not affected. You do not need the patch described in this article.
If you have Personal Web Server 4.0 installed on a computer running Windows 95 or Windows 98, you should obtain the latest Personal Web Server 4.0 security patch.
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name Platform ------------------------------------------------------------------ 02/18/99 04:01pm 4.02.0685 328,000 Asp.dll Win95/98 02/18/99 04:00pm 4.02.0685 55,392 Httpodbc.dll Win95/98 02/18/99 03:59pm 4.02.0685 62,432 Iislog.dll Win95/98 02/18/99 03:59pm 4.02.0685 184,208 Infocomm.dll Win95/98 02/18/99 03:59pm 4.02.0685 29,520 Iscomlog.dll Win95/98 02/18/99 04:00pm 4.02.0685 11,248 Iwrps.dll Win95/98 02/18/99 03:58pm 4.02.0685 71,232 Metadata.dll Win95/98 02/18/99 04:00pm 4.02.0685 227,424 W3svc.dll Win95/98 02/18/99 03:59pm 4.02.0685 87,504 Wam.dll Win95/98
You can download the patch from the Microsoft Download Center.
The following file is available for download from the Microsoft Download Center:
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. If you have Personal Web Server 4.0 installed on a computer running Windows NT 4.0:
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual software update. For information on obtaining the latest service pack, please go to:
- 152734 how to obtain the latest windows nt 4.0 service pack
For information on obtaining the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:
How to Determine If You Are Using FrontPage Personal Web Server
- After starting FrontPage, click Open FrontPage Web on the File menu, click More Webs, and then click List Webs.
- If you have FrontPage Personal Web Server installed, a taskbar icon named "Web Server idle" appears on the taskbar. If the icon does not appear on the taskbar, you do not have FrontPage Personal Web Server installed.
To Apply the Patch
- If you are using FrontPage 1.1 or FrontPage 97, and you have FrontPage Personal Web Server installed, please see the following article in the Microsoft Knowledge Base:
217765 FP97: Security Patch for FrontPage Personal Web Server
- If you are using FrontPage 98, and you have FrontPage Personal Web Server installed, please see the following article in the Microsoft Knowledge Base:
216453 FP98: Security Patch for FrontPage Personal Web Server
If you experience difficulties installing the patch or require technical assistance with the patch, please contact Microsoft Product Support Services. For information about contacting Microsoft Product Support Services, please visit the following Microsoft Web site:
NOTE: Personal Web Server (all versions) running on Microsoft Windows NT 4.0 is not affected by this issue.
Windows NT Server 4.0, Terminal Server Edition
To resolve this problem, obtain the latest service pack for Windows NT Server 4.0, Terminal Server Edition. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
152734 How to obtain the latest Windows NT 4.0 service pack
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows NT Server version 4.0, Terminal Server Edition Service Pack 6.
MORE INFORMATION
For more information about this vulnerability, please see the following Microsoft Web site:
For additional security-related information about Microsoft products, please visit the following Microsoft Web site:
For more information about Windows 98 and Windows 98 Second Edition hotfixes, click the following article number to view the article in the Microsoft Knowledge Base:
206071 General Information About Windows 98 and Windows 98 Second Edition Hotfixes
Keywords: kbhotfixserver kbqfe kbdownload kbbug kbfix kbgraphxlinkcritical kbinterop kbnetwork KB217763