Slashdot Mirror


Serious IIS Hole; Minor X Bug

EyesWideOpen writes "Microsoft announced Wednesday that there is a serious software flaw with its IIS web server. The 'vulnerability affects a function in the server software that allows Web administrators to change passwords for an Internet site.' A researcher with eEye Digital Security discovered the flaw in mid-April but it wasn't announced publicly because of an agreement with Microsoft. The Wired article is here and this appears to be the MS bulletin describing the vulnerability in detail." And several people reported this Register story on a way to DOS Mozilla users by trying to display ludicrously large fonts. Microsoft's time to patch a remote hole where the attacker can gain complete access to your computer: two months. Open Source's time to patch a much less serious bug where the attacker can merely crash your computer: three days.

4 of 467 comments

  1. Re:Biased reporting yet again by CaptainZapp · · Score: 0, Flamebait
    I'm a little bit sick and tired about all those whiners complaining about biased reporting.

    This is Slashdot for crying out loud and neither the editors nor the contributors have any obligations whatsoever for objective reporting or commenting.

    If you don't like it in here feel free to tune into ZDnet or read some unbiased reports by Microsoft sponsored "Think Tanks".

    There is no need to thank me.

    --
    I am the musician

    with a pocket calculator in my hand

    Kraftwerk

  2. Time to report Oracle bug? by BillTheKatt · · Score: 0, Flamebait

    Another fine piece of Slashdot reporting. I guess no one saw fit to report the new gaping holes in "unbreakable" Oracle.

    I guess bugs only matter if they're courtesy of Microsoft. If Bill was smart he'd grow a scruffy beard, claim his O/S is unbreakable and come up with ridiculous predictions once a week (NetPC, etc.). No one would bother him then.

    I wish Slashdot would grow up and become a real news site, you know, just the facts ma'am. Instead it's a whine fest for people with an axe to grind. Report the news, and save your commentary for the comments section.

  3. Re:Flawed logic by WildBeast · · Score: 1, Flamebait

    Sure, let the user find the bug when he least needs his browser to crash.

    Me, I have no problem with Mozilla's strategy as long as Mozilla is free.

  4. Re:Only affects HTR - a rarely used feature by mosch · · Score: 1, Flamebait
    you're right, a bug in the default configuration surely won't affect many people. So this really only affects sysadmins who don't bother to lock their server down, people who use htr, non-professionally adminned servers, desktops who have IIS enabled accidentally, production servers at colo facilities who wanted to not restrict their customers, any machine at all run by an admin who didn't feel the need to restrict the functionality they provide to their users really...

    yeah, not many people at all. you fucking retard.