new | ask | show | jobs
Lammy 19 hours ago  [ - ]

> IIS has a legacy behavior inherited from the old DOS 8.3 filename convention.

Is this exposing the underlying OS's behavior coupled with the fact that the IIS document root is `C:\Inetpub` by default? Eight-dot-three filenames are enabled by default on the C drive but disabled by default on all other drives on Windows 10/11:

  PS> (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').DisplayVersion
  24H2

  PS> fsutil 8dot3name query C:
  The volume state is: 0 (8dot3 name creation is ENABLED)
  The registry state is: 2 (Per volume setting - the default)
  Based on the above settings, 8dot3 name creation is ENABLED on "C:"

  PS> fsutil 8dot3name query U:
  The volume state is: 1 (8dot3 name creation is DISABLED)
  The registry state is: 2 (Per volume setting - the default)
  Based on the above settings, 8dot3 name creation is DISABLED on "U:"
Terr_ 17 hours ago  [ - ]

Tangentially, that reminds me of how a Windows update created c:\inetpub on everybody's non-server computers, to "increase protection" for unspecified reasons.

https://www.pcworld.com/article/2684062/why-is-windows-11-la...

mook 12 hours ago  [ - ]

That page eventually leads to the CVE page: https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...

While that's still pretty vague, it sounds like the issue was that something running as SYSTEM (the page seems to indicate some part of Windows Update) was not correctly checking if inetpub was a symlink or something along those lines. It also links to a script to set ACLs on that directory; presumably that's not possible to do if the directory doesn't exist.

It would probably be better to fix whatever component to not have the link traversal bug, but maybe there's some reason that makes the proper fix infeasible…

Lammy 16 hours ago  [ - ]

> to "increase protection" for unspecified reasons

Everything old is new again https://devblogs.microsoft.com/oldnewthing/20041116-00/?p=37... (2004)

raesene9 14 hours ago  [ - ]

The original research for this is at https://soroush.me/downloadable/microsoft_iis_tilde_characte...

logifail 7 hours ago  [ - ]

> PS> (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\WindowsNT\CurrentVersion').DisplayVersion > 24H2

I got no response to that command on my W10 box, turns out for older (eg LTSC) versions it appears to need:

  (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId
  1809