Slashdot Mirror

← Back to Stories (view on slashdot.org)

Eight New Security Holes in IIS

Posted by timothy on from the nobody's-perfect dept.

TedCheshireAcad writes: "A story at the Register asserts that MS's 'Trustworthy Computing' campaign has failed once again, with eight new IIS vulnerabilities discovered. The vulnerabilities include such delights as a buffer overflow in the ASP ISAPI filter, improper HTTP header handling, FrontPage Server Extensions problems and more goodies. Both IIS 4 and 5 are vulnerable. Thanks to eEye and @Stake for their advisories here(1) and here(2)."

1 of 46 comments (clear)

  1. it's actually 10... by seigniory · · Score: 4, Informative

    http://www.microsoft.com/technet/treeview/default. asp?url=/technet/security/bulletin/MS02-018.asp

    Impact of vulnerability: Ten new vulnerabilities, the most serious of which could enable code of an attacker's choice to be run on a server.

    What's wrong with the /. hype machine these days? First it takes 2 days to post the news, then they understate the scope of the problems.