File access vulnerability in Personal Web Server

Article translations Article translations
Article ID: 217763 - View products that this article applies to.
This article was previously published under Q217763
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

Symptoms

When you use either Microsoft Personal Web Server or Microsoft FrontPage Personal Web Server (PWS) on a computer running Microsoft Windows 95, Windows 98, or Windows NT 4.0, it may be possible for an unauthorized user to read or copy files from your computer using basic Internet browser software. The unauthorized user must request the file using a specific, non-standard URL, and must know or correctly guess the name of the file. Files cannot be modified or deleted, and new files cannot be written to the server.

Resolution

Windows NT Server or Workstation 4.0

This issue may affect two different products with similar names: Personal Web Server and FrontPage Personal Web Server.
  • Personal Web Server is available as part of Microsoft Windows NT 4.0 Option Pack (NTOP), Windows 98, and Windows 95 OEM Service Release 2.

    The Personal Web Server 4.0 program included with NTOP and the Windows 98 version of Personal Web Server 4.0 are affected by this issue.

    The Personal Web Server program included with Windows 95 OEM Service Release 2 is not affected. No other version of Personal Web Server (on any platform) is affected.
  • FrontPage Personal Web Server is available as part of FrontPage 1.1, FrontPage 97, and FrontPage 98 and is affected by this issue. However, FrontPage 97 and FrontPage 98 users may not have FrontPage Personal Web Server installed. By default, FrontPage 97 and FrontPage 98 install Personal Web Server 2.0, which is not affected by this issue.

How to Determine If You Are Using Personal Web Server 4.0

  1. Right-click the Personal Web Server icon on the right side of the taskbar, and then click Properties.
  2. If the Personal Web Manager dialog box appears, you have Personal Web Server version 4.0 installed and are affected by this issue. If the dialog box has any other title, you are not running PWS version 4.0 and you are not affected. You do not need the patch described in this article.
If you have Personal Web Server 4.0 installed on a computer running Windows 95 or Windows 98, you should obtain the latest Personal Web Server 4.0 security patch.

The English version of this fix should have the following file attributes or later:
You can download the patch from the Microsoft Download Center.

The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download Pwssecup.exe now
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. If you have Personal Web Server 4.0 installed on a computer running Windows NT 4.0:

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual software update. For information on obtaining the latest service pack, please go to:
  • 152734 how to obtain the latest windows nt 4.0 service pack
For information on obtaining the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

How to Determine If You Are Using FrontPage Personal Web Server

  1. After starting FrontPage, click Open FrontPage Web on the File menu, click More Webs, and then click List Webs.
  2. If you have FrontPage Personal Web Server installed, a taskbar icon named "Web Server idle" appears on the taskbar. If the icon does not appear on the taskbar, you do not have FrontPage Personal Web Server installed.

To Apply the Patch

  • If you are using FrontPage 1.1 or FrontPage 97, and you have FrontPage Personal Web Server installed, please see the following article in the Microsoft Knowledge Base:
    217765 FP97: Security Patch for FrontPage Personal Web Server
  • If you are using FrontPage 98, and you have FrontPage Personal Web Server installed, please see the following article in the Microsoft Knowledge Base:
    216453 FP98: Security Patch for FrontPage Personal Web Server
If you experience difficulties installing the patch or require technical assistance with the patch, please contact Microsoft Product Support Services. For information about contacting Microsoft Product Support Services, please visit the following Microsoft Web site:
http://support.microsoft.com/contactus/
NOTE: Personal Web Server (all versions) running on Microsoft Windows NT 4.0 is not affected by this issue.

Windows NT Server 4.0, Terminal Server Edition

To resolve this problem, obtain the latest service pack for Windows NT Server 4.0, Terminal Server Edition. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
152734 How to obtain the latest Windows NT 4.0 service pack

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows NT Server version 4.0, Terminal Server Edition Service Pack 6.

More information

For more information about this vulnerability, please see the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms99-010.mspx
For additional security-related information about Microsoft products, please visit the following Microsoft Web site:
http://www.microsoft.com/security
For more information about Windows 98 and Windows 98 Second Edition hotfixes, click the following article number to view the article in the Microsoft Knowledge Base:
206071 General Information About Windows 98 and Windows 98 Second Edition Hotfixes

Properties

Article ID: 217763 - Last Review: November 1, 2013 - Revision: 8.0
Applies to
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft FrontPage 97 Standard Edition
  • Microsoft FrontPage 98 Standard Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
Keywords: 
kbnosurvey kbarchive kbhotfixserver kbqfe kbdownload kbbug kbfix kbgraphxlinkcritical kbinterop kbnetwork atdownload KB217763

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com