MS08-068 SMB Vulnerability and IIS FQDN Resolution

    General discussion

  • The MS08-068 patch introduced behavior changes in IIS 5.1 and above, particularly the inability to resolve the FQDN or host headers when browsing (or making a web service call) on the same machine to IIS sites using Windows Authentication.

    KB Article ID: 896861 ( describes two methods to enable FQDN and host header name resolution when on the same server. Method #1: Specify Host Names, is stated as the preferred method to fix this issue with name resolution.

    My questions however are:

    1) Does Method #1 in KB Article 896861 cause the server to again be vulnerable to SMB reflection attacks?

    2) Does the MS08-068 patch represent a fix for SMB relay attacks (note relay not reflection)?

    Monday, November 04, 2013 6:53 PM

All replies