News

IIS Security Hole Found

A security hole was found in Microsoft Corp.’s Internet Information Server 4.0 through which hackers can gain access to credit card numbers and other personal information over the Internet.

An advisory by the Computer Emergency Report Team at Carnegie Mellon Universtiy (www.cert.org) states that: A buffer overflow vulnerability affecting Microsoft Internet Information Server 4.0 has been discovered in the ISM.DLL library. According to Microsoft, ISM.DLL is the filter DLL that processes .HTR files. HTR files enable remote administration of user passwords.

To add insult to injury, a tool to exploit this vulnerability has been publicly released by eEye (www.eeye.com), a maker of security software that claims to have reported the defect to Microsoft last week.

Microsoft has released a temporary patch to stop hackers from attacking Web sites and claims a permanent fix is on the way. The patch can be found at: www.microsoft.com/security/bulletins/ms99-019.asp. --Thomas Sullivan

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Expands Azure AD Password Lengths, Adds Conditional Access Controls

    Microsoft announced a couple of Azure Active Directory enhancements this week regarding password lengths and new conditional access controls for IT pros.

  • Attack Surface Analyzer 2.0 Available for Checking Software Installs

    Microsoft this week described Attack Surface Analyzer 2.0, an updated tool for checking software installations that's now built using open source code.

  • What Causes Hyper-V Replication Failures?

    Hyper-V replication failures happen rarely, but their impact can be catastrophic when they do. Know the scenarios that are likely to trigger a replication failure.

  • Microsoft Touts Using HyperClear To Address Intel Processor Woes

    Microsoft is again promoting its HyperClear Hyper-V hypervisor technology as a potential balm for organizations trying to come to grips with Intel's latest speculative execution side-channel attack disclosures.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.