hotfix for evil vulnerability kills ASP

[mufka]

When I install the hotfix to fix the "Web Server Folder Traversal" security vulnerability in IIS 4, it kills Active Server Pages. (this vulnerability, by the way, is VERY easily exploitable.) I have confirmed that this happens immediately after installing the hotfix. I get the following error in the system log when I try to execute a .asp: "The HTTP server was unable to load the ISAPI Application 'C:\WINNT\System32
\inetsrv\asp.dll'. The data is the error." Microsoft's Q249826 refers to the exact error but the fix, updating the MDAC, doesn't fix it.

Has anyone seen this before? Or does anyone know of a different way to fix the vulnerability?

Microsoft's info on the vulnerability is at:

http://www.microsoft.com/ntserver/nts/downloads/critical/q269862/default.asp

A REAL description of the vulnerability can be found at:

http://www.security-focus.com/frames/?content=/vdb/bottom.html?vid=1806

 

[kork]

You can try to unregister the asp.dll file then take a newer file form a working server and register the file

unregister : regedit32 /u c:\winnt\system32\inetsrv\asp.dll
register : Use regsrv32.exe c:\winnt\system32\inetsrv\asp.dll

 

[veritas7]

I installed ms0-078 with no problems.

Are you sure you:

1) installed for correct version of IIS 4 or IIS 5?

2) didn't install the Alpha Version by mistake?

 

[zairofr]

I have the same problem and the only way i found to get by is to unistall & reinstall IIS in order to delete asp.dll which seems corrupt.

So my webserver isn't still protected!

Thx reading me.@+

ps I'm French and do my best to be comprehensible. -