News

Critical Vulnerability in IE, ISA and Proxy Server

Microsoft hastily issued a pre-patch workaround for a critical vulnerability involving the handling of the Gopher protocol in several of its products after parties went public with the information.

"The information required to exploit this vulnerability has been released before the patches have been completed. To allow customers to take action to protect themselves while the patches are built, Microsoft is releasing work-around information. Microsoft will update this bulletin to announce the availability of patches as soon as they are available," Microsoft wrote in a bulletin about the vulnerability and workaround, which can be found at www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-027.asp.

Microsoft has been embroiled in a long-running dispute with a faction of the information security community about whether vulnerability information should be released before a vendor has a patch available. Microsoft's position is that such information should be withheld until fixes are ready.

The problem affects Internet Explorer, Internet Security & Acceleration Server 2000 and Microsoft Proxy Server 2.0.

An unchecked buffer in code that handles information returned from a server using the Gopher protocol allows for a buffer overrun attack.

On ISA and Proxy Server, the tactic could give an attacker complete control over the server, allowing the attacker to format the hard drive, add administrators to the system or whatever else the attacker wanted to accomplish. The vulnerability on Internet Explorer is more limited, allowing the attacker to run code in the user's context.

Most of the functions and capabilities of Gopher have been superceded by HTTP, Microsoft notes, adding that it might be a good best practice to close access to Port 70 for enterprises without known legitimate uses for the protocol.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Endpoint Manager Improvements Highlighted at Ignite

    Improvements in the Microsoft Endpoint Manager (MEM) management solution were part of Tuesday's Microsoft Ignite online event.

  • Green City Illustration

    Microsoft Ignite 2020 Reaction, Part 1: A New Normal for Tech Conferences

    Something about Satya Nadella's opening keynote makes Brien wonder if Microsoft thinks we'd all be better off doing everything -- including conferences like Ignite -- remotely, even after the pandemic is over.

  • Microsoft Ignite: Azure Advances Across Five Frontiers

    To kick off the Microsoft Ignite virtual conference, CEO Satya Nadella made a bold claim about the public cloud with the second-largest market share behind Amazon.

  • Microsoft Buying Games Maker ZeniMax Media for $7.5 Billion

    Microsoft is buying ZeniMax Media, parent company of Bethesda Softworks and other game-maker affiliates, for $7.5 billion in cash.

comments powered by Disqus