Hi All - A recent posting to BugTraq asked why we didn't identify specific third-party software products that are affected by the "Escape Character Parsing" vulnerability (http://www.microsoft.com/Security/Bulletins/ms99-061.asp). Although we do try to provide as much information regarding security vulnerabilities as possible, we simply can't provide information like this without the consent of the third-party vendors. Even if we could provide a list of third-party products that are known to be affected by the vulnerability, it would become obsolete almost immediately as new versions of the products are released. The safest course of action is to apply the patch if you are running any third-party software atop IIS. This will ensure that your system is protected, regardless of the third-party software you're using now or in the future. Regards, Secureat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:23:53 PDT