Re: MS Security Bulletin MS04-004 Broke my script

From: Steven Burnett (anonymous_at_discussions.microsoft.com)
Date: 02/03/04


Date: Tue, 3 Feb 2004 06:35:34 -0800

Nancy,
Thank you so much. Don't I feel like an idiot for not
taking the time to read the ENTIRE bulletin! The
instructions to defeat the behavior are right in the
article :)
>-----Original Message-----
>On Mon, 2 Feb 2004 19:23:01 -0800, Steven Burnett wrote:
>
>> I have been happily making mods to my Broadband router
>> using Task Manager and opening IE with the following URL:
>> http://-:PASSWORD@192.168.0.1/Gozila.cgi?PasswdModify=0&filter_ipA3_start=0&filter_ipA3_end=0&filter_ipB3_start=0&filter_ipB3_end=0
>>
>> As the router has no username (nor a way to set one), I
>> found the - worked for null. Now that I applied the
>> latest security patch that command causes a 404 Error Page
>> Can not open.
>>
>> Is there a new way to pass a null username in a URL?
>
>I'm not sure but this excerpt from the "Technical Details" section of
>the security bulletin on Technet looks like it might explain what is
>happening to you. Here is the link to the security bulletin:
>
>http://www.microsoft.com/technet/security/bulletin/ms04-004.asp
>
>< quote >
>This Internet Explorer cumulative update also includes a change to the
>functionality of a Basic Authentication feature in Internet Explorer.
>The update removes support for handling user names and passwords in HTTP
>and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft
>Internet Explorer. The following URL syntax is no longer supported in
>Internet Explorer or Windows Explorer after you install this software
>update:
>
>http(s)://username:password@server/resource.ext
>
>For more information about this change, please see Microsoft Knowledge
>Base article 834489.
>< unquote >
>
>Nevans
>.
>
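Added example (not part of the original thread or of the bulletin): a short Python audit that finds URLs using the username:password@server syntax quoted above in script text, strips the credentials, and produces the equivalent HTTP Basic Authorization header value. The sample script lines and the status.htm URL are constructed for illustration, and whether a given device accepts the header form is an assumption.

```python
import base64
import re
from urllib.parse import unquote, urlsplit, urlunsplit

# http(s) URLs whose authority contains "userinfo@" before the first "/".
USERINFO_URL = re.compile(r"https?://[^\s/@]+@[^\s\"'<>]+", re.IGNORECASE)


def split_credentials(url):
    """Return (url_without_userinfo, basic_auth_header_value or None)."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return url, None                      # no embedded credentials
    host = parts.hostname or ""
    if parts.port is not None:
        host += ":%d" % parts.port
    clean = urlunsplit((parts.scheme, host, parts.path,
                        parts.query, parts.fragment))
    # Basic scheme: base64 of "user:password"; userinfo may be percent-encoded.
    token = "%s:%s" % (unquote(parts.username or ""),
                       unquote(parts.password or ""))
    header = "Basic " + base64.b64encode(token.encode("utf-8")).decode("ascii")
    return clean, header


def audit(text):
    """Return [(line_no, url_with_credentials_removed)] for each finding."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for match in USERINFO_URL.finditer(line):
            clean, _ = split_credentials(match.group(0))
            findings.append((line_no, clean))   # never echo the password
    return findings


# Constructed sample: line 1 uses the URL form from the thread (query
# shortened); line 2 has an "@" only in the query string and must not match.
SAMPLE = (
    'start iexplore "http://-:PASSWORD@192.168.0.1/Gozila.cgi?PasswdModify=0"\n'
    'start iexplore "http://192.168.0.1/status.htm?contact=admin@example.com"\n'
)

if __name__ == "__main__":
    for line_no, url in audit(SAMPLE):
        print("line %d: credentials embedded in URL for %s" % (line_no, url))
```

The header value is sent as `Authorization: <value>` on a request to the cleaned URL, which keeps the password out of address bars, browser history and shortcut files.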


