News

Microsoft Security Updates

IE 5, IIS 5.0, and Windows NT/2000 affected.

The following are security updates for Internet Explorer 5.01/5.5, Internet Information Services 5.0 and Windows NT 4.0/2000:

  • Internet Explorer Can Divulge Location of Cached Content—A vulnerability exists that lets a Web page or HTML e-mail be used to ascertain the physical location of cached content in Internet Explorer 5.01/5.5. An attacker exploiting this vulnerability can open the cache, launch .chm files that contain shortcuts to executables, and then run the executables. For the patch that’ll eliminate this vulnerability, go to www.microsoft.com/technet/security/bulletin/MS01-015.asp.
  • Malformed WebDAV Request Can Cause Internet Information Services 5.0 To Exhaust CPU Resources—WebDAV is an extension of the HTTP protocol that allows remote authoring and management of Web content. But a flaw exists in the way WebDAV handles a certain type of malformed request. If a stream of such requests is directed at a server running Internet Information Services 5.0, it can consume all of that server’s CPU availability. For the patch that’ll eliminate this vulnerability, go to www.microsoft.com/technet/security/bulletin/MS01-016.asp.
  • Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard—In late January, an individual fraudulently claiming to be a Microsoft employee applied for and received two VeriSign Class 3 code-signing digital certificates. These certificates can be used to make it appear that certain programs, ActiveX controls, Office macros and other executable content come from Microsoft, when in fact they don’t. For more information on this issue, go to www.microsoft.com/technet/security/bulletin/MS01-017.asp.

Microsoft, Redmond, Washington, www.microsoft.com.

Featured

  • Microsoft Previews Windows Autopilot for HoloLens 2

    Microsoft on Friday announced a public preview of Windows Autopilot for HoloLens 2, its mixed-reality headset.

  • Microsoft Flirts with Charging for API Software Connections

    Microsoft may have started something new by attempting to charge its customers for software that uses its application programming interfaces (APIs).

  • Overcoming Spacesuit Anxiety During Astronaut Training

    Spacesuits are heavy, claustrophobic and hot -- an uncomfortable combination for many would-be astronauts. Here's how Brien came around to the idea of wearing one.

  • Microsoft Announces Azure Kubernetes Service Enhancements

    Microsoft this week announced a few Azure Kubernetes Service (AKS) product milestones as part of the KubeCon event.

comments powered by Disqus