About this tag
The urlscan tag on WindowsForum.com covers discussions about URLScan, a free security tool for Internet Information Services (IIS) that helps administrators block malicious requests based on custom rules. Content under this tag focuses on using URLScan as a workaround for vulnerabilities, such as the ASP.NET information disclosure issue addressed in Microsoft Security Advisory 2416728. Topics include configuring URLScan rules to block specific query strings, integrating it with IIS on Windows Server and client versions like Windows 7, and comparing it to the built-in Request Filtering feature. The tag is relevant for IT professionals and system administrators managing IIS security and applying Microsoft security advisories.
-
Security Advisory 2416728 - Workaround Update
Hi everyone - We've updated Microsoft Security AdvisoryLink Removed due to 404 Error to include a step in the workaround requiring the blocking of requests that specify the application error path on the querystring. This can be done using URLScan, a free tool for Internet Information Services...- News
- Thread
- active attacks advisory block requests email alerts iis microsoft monitoring msrc blog network security request filtering scott guthrie security server 2008 trustworthy computing update urlscan vulnerability windows 7 windows vista workaround
- Replies: 0
- Forum: Security Alerts
-
Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure -
Revision Note: V1.2 (September 24, 2010): Added an entry to the FAQ to announce a revision to the workaround, "Enable a UrlScan or Request Filtering rule, enable ASP.NET custom errors, and map all error codes to the same error page." Customers who have already applied the workaround should...- News
- Thread
- active attacks advisory asp.net customerrors encryption errorpage faq information information disclosure microsoft request filtering security security breach server issues tampering urlscan viewstate vulnerability web.config workaround
- Replies: 0
- Forum: Security Alerts