H3-2025-0003¶

IIS Shortname Disclosure Vulnerability

Description¶

The IIS webserver responds to requests for 8.3 shortnames, which an attacker can use to discover and read files and directories by using data warehouses or wordlists mapping shortnames to likely full names (e.g. shortname 'USER_N' to 'USER_NETWORK').

Impact¶

Remote attackers can discover and read sensitive files hosted by the webserver more easily than with traditional brute-forcing.

References¶

• Microsoft Article
• Medium Article
• Microsoft Article (Detailed)
• MITRE ATT&CK Technique: T1595.003: Active Scanning: Wordlist Scanning