Microsoft Releases Exploit Code for Hole in IIS5

Written by Editor
Wednesday, 06 June 2007 14:03

It seems someone in Microsoft had a bit of a brain fade when it comes to obscuring the details of how to exploit the security holes in their products. Their usual approach is to make the information as vague as possible; instead, someone decided to release exploit code. In the original release of Knowledge Base article 328832 they included the exploit code for a security issue with IIS5 that can allow an attacker to read the contents of files on the system while bypassing HTTP authentication.

Apparently IIS versions 5.x allow the bypass of basic authentication by using the "hit highlight" feature. This hit-highlighting feature can be used by an unauthorised user to read files off the web server. Rather than supply a patch or workaround, Microsoft originally published six steps to reproduce the exploit. In other words, Microsoft is telling the world how to exploit products being used by their customers. The official line is that all users should upgrade to IIS (Internet Information Services) version 6.0 running on Microsoft Windows Server 2003.

It seems that the Security Police in Redmond have cleaned up their mistake and updated the Knowledge Base article to remove the exploit code; however, the exploit is as simple as:

http://www.example.com/null.htw?CiWebhitsfile=/dir1/file1.txt&CiRestriction=none&CiHiliteType=full
Last Updated ( Wednesday, 06 June 2007 14:05 )
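For administrators still running IIS 5.x, the request shape above is easy to look for in web server logs. The following is an added example, not code from the article or from Microsoft: it scans W3C extended log text for `.htw` requests that carry a `CiWebhitsfile` parameter and marks those that returned 200 with no authenticated user. The field layout, the sample log lines and the function name `find_webhits_requests` are assumptions made for illustration.

```python
from urllib.parse import parse_qs, unquote

# Constructed sample in W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2007-06-06 14:01:10 192.0.2.10 - GET /default.asp - 200
2007-06-06 14:01:12 192.0.2.44 - GET /null.htw CiWebhitsfile=/dir1/file1.txt&CiRestriction=none&CiHiliteType=full 200
2007-06-06 14:01:15 192.0.2.44 - GET /NULL.HTW ciwebhitsfile=%2Fdir1%2Ffile2.txt&CiRestriction=none 401
2007-06-06 14:01:20 192.0.2.10 - GET /search.asp q=CiWebhitsfile 200
"""

def find_webhits_requests(log_text):
    """Return one dict per .htw request that names a file via CiWebhitsfile."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The header defines column order; it can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = unquote(row.get("cs-uri-stem", "")).lower()
        if not stem.endswith(".htw"):
            continue
        # Compare parameter names in lower case so case variants are not missed;
        # parse_qs also decodes percent-encoded values such as %2F.
        query = parse_qs(row.get("cs-uri-query", ""))
        params = {name.lower(): values for name, values in query.items()}
        target = params.get("ciwebhitsfile")
        if not target:
            continue
        user, status = row.get("cs-username"), row.get("sc-status")
        hits.append({
            "client": row.get("c-ip"),
            "target": target[0],
            "status": status,
            # "-" means no authenticated user; with a 200 this is the bypass case.
            "unauth_success": user == "-" and status == "200",
        })
    return hits

if __name__ == "__main__":
    for hit in find_webhits_requests(SAMPLE_LOG):
        print(hit)
```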













