|
eEye Digital Security Tuesday revealed that it had uncovered a buffer
overflow vulnerability in all versions of Microsoft Corp.'s Internet
Information Services (IIS) Web server software that allows remote system
level code execution.
Redmond | News: New DoS Vulnerability Emerges in W2K, NT4::
Corp. Tuesday night scrambled to patch another new bug that makes Windows NT 4.0 a relaying vulnerability that was discovered last month in IIS SMTP server
http://redmondmag.com/news/article.asp?EditorialsID=4841HOME |
Upon discovering the vulnerability, eEye immediately notified Microsoft's security team and worked with the company to develop a patch.
Microsoft Security Bulletin MS04-011: Security Update for Microsoft ::
This update resolves several newly-discovered vulnerabilities. An attacker could also access the affected component through another vector.
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspxHOME |
Another serious security hole in Microsoft IIS::
Sever has been installed on its own, without IIS, there is no vulnerability, the security firm that found the first ISAPI bug, also discovered this flaw.
http://www.networkworld.com/news/2001/0618isapi.htmlHOME |
The vulnerability exists in the code that allows an IIS Web server to
interact with Microsoft Indexing Service functionality. The .ida (Indexing
Service) ISAPI filter -- installed by default on all versions of IIS -- does
not perform proper "bounds checking" on user inputted buffers, which makes
it susceptible to buffer overflow attacks.
Microsoft Security Bulletin MS04-021: Security Update for IIS 4.0 (841373)::
This update resolves a newly-discovered, privately reported vulnerability. redirects the browser to another page, such as to a generic error page or to the
http://www.microsoft.com/technet/security/bulletin/ms04-021.mspxHOME |
operating systems and vulnerability Resources | ZDNet::
Local root escalation vulnerability in Mac OS X 10.4 and 10.5 discovered microsoft iis server (3 results) web browsers (3 results) microsoft windows xp (3
http://updates.zdnet.com/tags/operating+systems+and+vulnerability.htmlHOME |
Using such a buffer overflow attack, a malicious hacker could remotely gain
full system access to any server running a default installation of Windows
NT 4.0, Windows 2000 or Windows XP and using the IIS software. The attacker
would then have the run of that server, with the ability to perform any
desired action, including installing and running programs, manipulating Web
server databases, adding, changing or deleting files and Web pages, etc.
Slashdot | Another Critical Microsoft Hole::
in the face of yet another IE/IIS critical security vulnerability is And did he, after it was discovered that such a system is not perfectly, 100%,
http://slashdot.org/article.pl?sid=02/11/21/1317229&mode=nested&tid=172HOME |
"According to Netcraft, there are roughly 5.9 million Web servers running
IIS," eEye said. "It is safe to say that because the vulnerability is within
a default IIS component that, at the very least, 50 percent of these servers
have the .ida extension running, making this one of, if not the single
largest vulnerability in IIS to date."
Microsoft is working to patch Windows XP against the vulnerability before
the final version ships to customers.
 RealNetworks Forges New Media Commerce Suite, Standard
 DiData Pushes for Network Security |
