XCCC: ????? ????? ?????? ????? ???? ???? Microsoft ??? ???? ??????? ?????? Microsoft

???? ???????: 311595 - ??? ???????? ???? ????? ????? ??? ???????.

???? ????? ????? ??????? ?????? ?????? ???????

??? ??? ???? ?????? ???? ?? ??????? ???? ??? ????

????? ???? | ?? ????

??????

???? ??? ??????? ????? ????? ???? Lockdown ????? ??????? ?????? (IIS) ??????? ??? ???? Microsoft ??????? ??????? ?????? Enterprise Edition. ??? ????? ???? IIS Lockdown ?? ?????? ????? ???? Microsoft.

????? ?? ????????? ??? ??? ??????? ????? ?????? ?? ??? "????? ??????" ??? ???? ???? ?????? "???? ??????? ??????" ?????? ??? ??? Releasenotes.htm. ??? ??? ????? Releasenotes.htm ?? ???? "?????????" ? ??? ????? ???????.

??????? ????

?????? ????? ???? ???? Microsoft ??? ???? ???? ?????? "???? ??????? ??????" ???? ??????? ???????:

?? ?????? ?????? ??????? ?? ????? ????? ????? ???? ???? Microsoft.
????? ???? ????????? ?? ?? ???????? ????????? ?????????? ??? ???? ????? ????? IIS Lockdown.
???? ????? ??????? ??? ??????? ?? "???? ??????" ?? ????? ???? "??????? ??????? ???? ??????? ??????" ??????.
???? ??? ?????? ???? ????? ????? Lockdown IIS.
??? ????? "??????? ???????" ???? ??? ????? ?? ???? ??? ??????.
?? ???? "????? Server" ? ???? ??? ???? (Server ???? ?? ????? ?? ?? ??????? ????????) ?? ???? ??? ??????.
???? ?? ????? ????? ?????? ???? ???? ???????? (SMTP) "?" ???? ??? (HTTP) ? ????? ?? ??????? ????? ????? ??? ?? ??? ???????? ??? ??????? (FTP) ?????? ???????? ??? ????? (NNTP) ? ?? ???? ??? ??????.
?? ?????? "??????? ??????? ??????" ? ?? ?????? ????? ???? ???????? ????? ?????? ?????? (.asp). ???? ?? ????? ???????? ?????? ???????? ??? ????????? ?????????? ??? ?? ???? ??? ??????.
???? ??????? ????????? ??? ???? ???? ?????? ?? ???? ??? ??????.
???? ?? ????? ???? ???????? URLScan ????? ???? ??????? ??? ?????? ?? ???? ??? ??????.
?????? ????????? ???? ??? ?????? ?? ?????? ????? ??? "????? ???????".
???? ??? Urlscan.ini ?? ?????? ??????:
C:\Winnt\System32\Inetsrv\Urlscan
????? ?? AllowHighBitCharacters = ???? ????? 1.
???? ??? ?????? ?? ???? ??? ?????.

??? ??? ???? ?????? Exchange ??????? ???? ??????? ??????? ??? Exchange 2000 Server:

?? ?????? ?????? ??????? ?? ????? ????? ????? ???? ???? Microsoft.
????? ???? ????????? ?? ?? ???????? ????????? ?????????? ??? ???? ????? ????? IIS Lockdown.
???? ??? ?????? ???? ????? ????? Lockdown IIS.
??? ????? "??????? ???????" ???? ??? ????? ?? ???? ??? ??????.
?? ???? "????? Server" ? ???? Exchange Server 2000 ??? ?? ???? ??? ??????.
???? ?? ????? ???? ???????? URLScan ????? ???? ??????? ??? ?????? ?? ???? ??? ??????.
?????? ????????? ???? ??? ?????? ?? ?????? ????? ??? "????? ???????".
??? ?????? ?????? "???????" ? ???? ??? ?????? ?? ???? ??? ?????.
???? ??? Urlscan.ini ?? ?????? ??????:
C:\Winnt\System32\Inetsrv\Urlscan
????? ?? AllowDotInPath = ???? ????? 1.
?? ???????? ??? ?????? [AllowVerbs] ????? BPROPFIND ??? ????? ??????? ??????? ??? ?? ?? ???? ????? .ini. ???????? ??? ???? ?? ???? ???????? ????????? ??????? ????? ?? ??? Releasenotes.htm ??? ????? ??????? ??? ????? ????? ?????? ??? ?????? Exchange ????? ?? ?? ???? ????? ????? ???? Microsoft. ?????? ?????????? ??? ???? ??? ?????? ??????? (%) ? ????? ???? (&) ? ???????? (:) ??? ????? ??? ?? locators ???? ????? (URLs). ???? ?? ???? ??? ??? ???? ?????? ??? ?????? ????? ??? ????????? ??? ??? ????? ?? ???? ??? ?????? ??? ??????? ??????? ????? ??? ??? ?????? ?? ???????. ???????? (:) ????? ??????? ???? ??? ?? ????? ?????? ?????????? ? ??? ???? ?????? ?????? ?? ??????? ???? ?? ????? ??????? ???? ???? ??????? (:) ?? ???????. ???? ????? ??? ???????? ?? ???? ????? ?????? [DenyUrlSequences] ?? ????? Urlscan.ini ??? ?????? Exchange ???? ?? ??????? ?????. ??? ????? ?????? ???? ???? ?????? ?? ?? ??????? [DenyUrlSequences] ?? ??? Urlscan.ini. ??? ???? ??????? ???? ??? ?????? ????? ?????? ??? ???:
[DenyUrlSequences]
.. ??? ?????? traversals ??????
. /; ??? ?????? ???? ????? ??? ??? ????
\; ??? ?????? ?????? ??????? ??????? ?? URL
:; ??? ?????? ??????? ??? ??????
%; ??? ?????? escaping ??? ???????
&; ??? ?????? ??? ?????? CGI ?????? ??? ?? ???
????? ??????? ???? ????? ?? ?? ???? ?? ??????? ??? ???????? ?? ???????. ????? ???? ??????? ???? ????? ?????? ???????? ?? ???????, ??? ??????? Microsoft Outlook ??????? Access ??? ????? ????? ?????? ?? ??? ?????? ?? ????? Urlscan.ini ??? Exchange Server:
:; ??? ?????? ??????? ??? ??????
?? ??? ??? ?????? ???? ??????? ??? ??? ?????? ??????? ?????? ?????? ??? ?????? ?? ????? URL. ??? ?????? ?? ???? ???? ??? ?? ??? ?????? ??? ??????? ???? ????? ????? ???? ?? ?????? ??????? ???. ??? ???? ????? ??? ?????? ????? ???? ????? ??????? [DenyUrlSequences] ?? ??? Urlscan.ini ??? ????? "?????? ????? ??????" ??? ???? Exchange. ??? ????? ??????? [DenyUrlSequences] ??? ????? ????? ???? ????? IIS.

???????

???? ???????: 311595 - ????? ??? ??????: 06/????/1427 - ??????: 2.2

????? ???

Microsoft Mobile Information Server 2001 Enterprise Edition
Microsoft Mobile Information Server 2002 Enterprise Edition

kbmt kbinfo KB311595 KbMtar

????? ????

???: ??? ????? ??? ?????? ???????? ?????? ????? ???? ????? ?????????? ????? ?? ????????? ?????? ????. ???? ???? ?????????? ???? ?? ???????? ???????? ?????? ????????? ????? ????????? ???????? ????? ???????? ?????? ?? ?????? ??? ?? ???????? ???????? ?? ????? ??????? ?????? ??? ??????? ?????? ??. ?????? ?? ???? ??? ??????? ???????? ????? ?? ???? ????? ?????? ??? ????? ??? ????? ??????? ?? ????? ?? ?????? ??? ??? ??????? ??????? ?? ????? ????? ????? ????? ?????. ?? ????? ???? ?????????? ??????? ??? ????? ?? ??????? ?? ????? ?????? ?? ??? ????? ?? ????? ??????? ?? ???????? ?? ??? ???????. ???? ???? ?????????? ???????? ??? ????? ?????? ??????? ??????

???? ??? ????? ??????? ?????? ??????????311595

(http://support.microsoft.com/kb/311595/en-us/ )