MS posts fix for IIS security hole
Published: 23 Jun 1997 13:18 BST
Microsoft has posted a description and fix to prevent hackers causing Internet Information Server (IIS) to crash when they enter certain URLs.
Part of the statement reads: "These types of Denial of Service issues are common on the Internet and could happen to any Web server. However, this bug does not compromise sensitive data in any way. It forces IIS to become unavailable for a short time and is easily remedied by restarting the Web server... Microsoft takes issues like these very seriously and has responded rapidly by addressing the issue with a permanent fix that prohibits this specific type of attack and also records the IP address of the attacker in a log file... A malicious hacker could write a program to find the exact character sequence. A hacker simply can't publish a URL that would bring down an IIS server."
The bug was on reported on the Bugtraq mailing list for developers sharing data about security bugs in Unix and related operating environments.
Did you find this article useful?
45 out of 97 people found this useful
- Share this article:
