Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> IIS 5.0 on Win2K from InfoWeek

IIS 5.0 on Win2K from InfoWeek

From: <dgoulet_at_vicr.com>
Date: Wed, 02 May 2001 10:47:44 -0700
Message-ID: <F001.002F732C.20010502063256@fatcity.com> 









Microsoft is warning that an "extremely serious" flaw in Windows 
2000 could enable a cracker to control any system running 
Internet Information Services (IIS) 5.0 software that ships with 
the operating system. Earlier versions are not affected.



"Upgrade the patch before you read the bulletin 
[http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdFGA0V20NU30A6 ],"
warns Scott Culp, a Microsoft security program manager. Culp says 
an unchecked buffer in the services that support Internet 
printing capabilities causes the vulnerability. He adds that 
users who turn off the printing services are not vulnerable.



The extent of the vulnerability is severe. "There is virtually 
nothing a malicious hacker couldn't do to an exploited system," 
Culp says. Microsoft says it has distributed information about 
the vulnerability and started contacting certain customers before 
the company released the patch at 1 p.m. EDT Tuesday. A security 
software firm, eEye Digital Security, notified Microsoft of the 
vulnerability 10 days earlier.



Gartner analyst John Pescatore says a large portion of Windows 
2000 users probably have not turned off the affected services and 
should either do so or install the patch immediately. Pescatore 
says Microsoft made a critical error. "IIS has been a cancer on 
Windows 2000," he says. "Including that code in the Windows 2000 
base vs. it being a separate application was a huge mistake." - 
George V. Hulme



For related stories, see:


Windows 2000 Security Represents A Quantum Leap
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdFGA0V20NU40A7



Security: The Enemy Within


http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdFGA0V20NU50A8



Microsoft Warns of Spoofed Certificates


http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdFGA0V20NU60AA


-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: 


  INET: dgoulet_at_vicr.com


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Wed May 02 2001 - 12:47:44 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US