By Joey Gardiner, 10 April 2002 16:45
NEWS Microsoft is warning users of another raft of serious vulnerabilities in its IIS web server software. The company has released a catalogue of 10 vulnerabilities that could allow hackers to run malicious code on affected servers. Microsoft issued the alert today via its TechNet portal. It said anyone using versions of Internet Information Server (IIS) bundled in NT 4.0, Win 2000 or XP needs to apply patches. Microsoft labelled the update "critical". The 10 vulnerabilities include five more buffer overflow flaws - the type of hole taken advantage of to such devastating effect by the Code Red virus last summer. Buffer overflow flaws occur when software cannot handle multiple identical repeat commands. These cause the code to crash, and allow a malicious hacker to execute arbitrary code. Some of the buffer overflows in today's alert allow the code to be run with unrestricted system privileges, making the potential for harmful exploits limitless. Worried users should see: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-018.asp
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below