Slashdot Mirror

← Back to Stories (view on slashdot.org)

Eight New Security Holes in IIS

Posted by timothy on Thursday April 11, 2002 @03:26PM from the nobody's-perfect dept.

TedCheshireAcad writes: "A story at the Register asserts that MS's 'Trustworthy Computing' campaign has failed once again, with eight new IIS vulnerabilities discovered. The vulnerabilities include such delights as a buffer overflow in the ASP ISAPI filter, improper HTTP header handling, FrontPage Server Extensions problems and more goodies. Both IIS 4 and 5 are vulnerable. Thanks to eEye and @Stake for their advisories here(1) and here(2)."

2 of 46 comments (clear)

Min score:

Reason:

Sort:

it's actually 10... by seigniory · 2002-04-11 16:12 · Score: 4, Informative

http://www.microsoft.com/technet/treeview/default. asp?url=/technet/security/bulletin/MS02-018.asp

Impact of vulnerability: Ten new vulnerabilities, the most serious of which could enable code of an attacker's choice to be run on a server.

What's wrong with the /. hype machine these days? First it takes 2 days to post the news, then they understate the scope of the problems.
Failure, or success? by tswinzig · 2002-04-11 16:18 · Score: 4, Insightful

This can be spun many ways. Could it be that Microsoft found these ten flaws thanks to their month of heavy code checking in February, and are working on fixes for them?

I mean, why is it a failure to find flaws and fix them? If you're trying to get trustworthy computing, seems like it's a failure if you don't fix any flaws.

--

"And like that ... he's gone."