Advertisement
Promo

Server platforms Toolkit

Microsoft patches ten IIS vulnerabilities

John McCormick

Published: 29 Apr 2002 13:39 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

If you have a Web server running IIS on Windows NT 4.0 or Windows 2000 (or even Windows XP), you've got some new security problems to deal with. In what can only be viewed as a bad week for Microsoft, the company recently disclosed that a full double handful of ten formerly unpatched vulnerabilities exist in Internet Information Server (IIS)--and several of them have been rated as critical threats.

Some of the vulnerabilities are buffer overruns that can allow attackers to run arbitrary code on the server or to open the servers to host, or be the target of, denial of service attacks. Other flaws are less critical but could still cause damage.

If you're running almost any version of IIS, you need to update it with the latest patches form Microsoft.

In MS02-018, which describes these 10 vulnerabilities and the associated patches, Microsoft indicates the single exception. "Beta versions of .NET Server after Build 3605 contain fixes for all of the vulnerabilities affecting IIS 6.0. As discussed in the [MS02-018] FAQ, Microsoft is working directly with the small number of customers who are using the .NET Server beta version in production environments to provide immediate remediation for them.

Risk levels--low to critical

Since at least three of these vulnerabilities affecting IIS 4.0, IIS 5.0, and IIS 5.1 are rated critical by Microsoft, the cumulative patches are very important unless you have installed IIS Lockdown Tool according to best practices and don't need the services that Lockdown disables.

Applicability

As usual, Microsoft warns that the company does not test or report on vulnerabilities in any older versions of software that the company no longer supports.

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
96 out of 178 people found this useful


Full Talkback thread

0 comments

Company/Topic Alerts

Create a new alert from the list below:





Video icon

Video

Microsoft Futures

Windows 7: Mixed reviews from PDC attendees

As developers received their copies of Windows 7 on Tuesday, they offered varied reactions to the Microsoft operating system update More

Microsoft floats clouds on Windows Azure

At the Professional Developers Conference, Microsoft announced the Azure Services Platform, the company's cloud-computing platform More

Ozzie: Success of Azure comes down to trust

In an interview, Ray Ozzie says businesses will be taking a risk by placing core operations in Microsoft's datacentre, but that the software giant has more to lose if things go bad More


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters