Apr 12, 2002 : Microsoft Releases Critical IIS Patch
📅 - Microsoft Corp. (microsoft.com), announced on Wednesday that it has released a cumulative patch for its Internet Information Server that fixes more than ten holes in the Web server software, including several critical patches for vulnerabilities that could allow a hacker to take complete control of a machine.
The announcement recommends that anybody hosting Web servers using Windows NT 4.0, Windows 2000 or Windows XP install the new patch, which Microsoft says fixes all previously identified IIS security vulnerabilities, as well as 10 new ones.
According to Microsoft, the company has not yet had reports of any attempts to take advantage of the exploits.
Security experts call the patch, and the vulnerabilities it addresses, very serious. One of the vulnerabilities announced involves every IIS server on Windows 2000 and Windows XP, regardless of how it is configured.
Many of the vulnerabilities described in the release make computer systems susceptible to either denial-of-service of buffer overflow attacks, which can cripple Web servers, or allow malicious users to execute scripts on the machine.
The attacker, says Microsoft, could then do anything the machine's owner could do, including changing Web pages, installing and running software or reformatting the hard drive.
Microsoft says customers operating IIS version 4, 5 and 5.1 should download the patch. The software runs on Windows NT 4.0, Windows 2000 and Windows XP, and may be operating without the user's knowledge.
XP users can receive the patch automatically through the AutoUpdate feature. And all Windows users can install the patch through Microsoft's automated Windows Update Web site. They can also be downloaded and installed manually.
In addition to the patch, Microsoft recommends that users run the IIS Lockdown Tool, which disables unnecessary features, for added security.
The announcement recommends that anybody hosting Web servers using Windows NT 4.0, Windows 2000 or Windows XP install the new patch, which Microsoft says fixes all previously identified IIS security vulnerabilities, as well as 10 new ones.
According to Microsoft, the company has not yet had reports of any attempts to take advantage of the exploits.
Security experts call the patch, and the vulnerabilities it addresses, very serious. One of the vulnerabilities announced involves every IIS server on Windows 2000 and Windows XP, regardless of how it is configured.
Many of the vulnerabilities described in the release make computer systems susceptible to either denial-of-service of buffer overflow attacks, which can cripple Web servers, or allow malicious users to execute scripts on the machine.
The attacker, says Microsoft, could then do anything the machine's owner could do, including changing Web pages, installing and running software or reformatting the hard drive.
Microsoft says customers operating IIS version 4, 5 and 5.1 should download the patch. The software runs on Windows NT 4.0, Windows 2000 and Windows XP, and may be operating without the user's knowledge.
XP users can receive the patch automatically through the AutoUpdate feature. And all Windows users can install the patch through Microsoft's automated Windows Update Web site. They can also be downloaded and installed manually.
In addition to the patch, Microsoft recommends that users run the IIS Lockdown Tool, which disables unnecessary features, for added security.
Reads: 1952 | Category: General | Source: TheWHIR : Web Host Industry Reviews
URL source: http://www.thewhir.com/marketwatch/iis041202.cfm
Want to add a website news or press release ? Just do it, it's free! Use add web hosting news!
📅 - 
📅 -