Slashdot Mirror


Eight New Security Holes in IIS

TedCheshireAcad writes: "A story at the Register asserts that MS's 'Trustworthy Computing' campaign has failed once again, with eight new IIS vulnerabilities discovered. The vulnerabilities include such delights as a buffer overflow in the ASP ISAPI filter, improper HTTP header handling, FrontPage Server Extensions problems and more goodies. Both IIS 4 and 5 are vulnerable. Thanks to eEye and @Stake for their advisories here(1) and here(2)."

3 of 46 comments

  1. it's actually 10... by seigniory · · Score: 4, Informative

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-018.asp

    Impact of vulnerability: Ten new vulnerabilities, the most serious of which could enable code of an attacker's choice to be run on a server.

    What's wrong with the /. hype machine these days? First it takes 2 days to post the news, then they understate the scope of the problems.

  2. Re:MS found these bugs first! by Anonymous Coward · · Score: 1, Informative

    Since when are @stake and eEye part of Microsoft?

  3. Re:MS found these bugs first! by Popocatepetl · · Score: 3, Informative

    Microsoft did not find (at least some of) these holes. Did you follow any of the links in the original post??? Going to Microsoft Security Bulletin MS02-18, we find the following:

    Acknowledgments
    Microsoft thanks the following people for reporting this issue to us and working with us to protect customers:

    Below that you see a list of people and organizations who reported holes.