Symptoms :
The security scan tools show that Microsoft Internet Information Server (IIS) suffers from a vulnerability which allows the detection of short names of files and directories which have an equivalent in the 8.3 version of the file naming scheme. By crafting specific requests containing the tilde '~' character, an attacker could leverage this vulnerability to find files or directories that are normally not visible and gain access to sensitive information. Given the underlying filesystem calls generated by the remote server, the attacker could also attempt a denial of service on the target application.
Cause:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation was not set as 1
Solution:
- Open registry editor
- Navigate to below registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
- Right-click NtfsDisable8dot3NameCreation, and then click Modify.
- In the Value data box, type 1, and then click OK.
More Information:
The NtfsDisable8dot3NameCreation registry key is used to control the creation of 8.3 short filenames on NTFS volumes in Windows operating systems. This setting is important for compatibility with older applications that rely on the 8.3 filename convention, but it can also impact performance and security.
The Default Value of "NtfsDisable8dot3NameCreation" can have the following values:
0: Enables 8dot3 name creation for all volumes on the system.
1: Disables 8dot3 name creation for all volumes on the system.
2: Sets 8dot3 name creation on a per volume basis.
3: Disables 8dot3 name creation for all volumes except the system
Updated Apr 24, 2025
Version 2.0
PradeepSharma
Microsoft
Microsoft