By Joey Gardiner, 19 June 2001 13:45
NEWS Microsoft has issued a patch for a huge security hole in its Internet Information Server (IIS) which could give hackers complete control of web servers running NT 4.0 and Windows 2000.
The problem seriously affects software used by six million websites worldwide.
The security hole could allow a malicious coder to run any program of his or her choice with total control of the web server, but Microsoft says the fault is due to an unchecked buffer in the code that handles URLs.
Microsoft's own advice states: "Clearly, this is a serious vulnerability...Microsoft strongly urges all web server administrators to apply the patch immediately."
The hole also affects the beta version of Microsoft's new XP operating system.
However, Windows 2000 Professional users will not be exposed to the vulnerability if the software is left in its default setting.
The security flaw was spotted by eEye Digital Security.
Information on patches can be found at http://www.microsoft.com/technet/security/bulletin/MS01-033.asp.
For related news, see
Microsoft to investigate Passport security 'flaw'
http://www.silicon.com/a44732
Oops, we did it again: Microsoft admits to Windows 2000 security cock-up
http://www.silicon.com/a44179
Microsoft foiled in first foray into security
http://www.silicon.com/a43953
Explorer glitch leaves Microsoft users vulnerable
http://www.silicon.com/a43630
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below