"Mike Larson" <anonymous@discussions.microsoft.com> wrote in message
news:081201c3ce4c$9c908860$a001280a@phx.gbl...
> http://www.securitytracker.com/alerts/2003/Dec/1008563.html

>-----Original Message-----
>I don't work for Microsoft, but several people here have
seen it, and I'm
>fairly sure Microsoft has seen it [although the person who
reported it
>didn't give Microsoft any advance notice].
>
>I personally would not be worried about this. While this
is a questionable
>security decision in Windows 2000, you can use HTTP GET to
make such
>requests, and while they would be logged, would probably
not be noticed by
>most admins. Also, if you are using the free URLScan, you
are blocked from
>most of such trickery, and you can edit the URLSCAN.INI
file to log and
>block this if you wish. The article you link to says that
there is no
>solution, but two solutions were mentioned by the original
author several
>paragraphs later. All in all, I'm saving my panic for
another occasion.
>
>
>"Mike Larson" <anonymous@discussions.microsoft.com> wrote
in message
>news:081201c3ce4c$9c908860$a001280a@phx.gbl...
>> http://www.securitytracker.com/alerts/2003/Dec/1008563.html
>
>
>.