Slashdot Mirror


WebDAV Buffer Overflow Attack Compromises IIS 5.0

rf0 writes "Well, CERT is reporting a new overflow attack for IIS 5.0. Microsoft has released a bulletin. Better download those patches and fix another security hole." According to this CNET story, Microsoft says that this is already being exploited, at the very least since last Wednesday.

8 of 367 comments

  1. This is news? by miketang16 · Score: 0, Flamebait

    Hm.. ok.. another day, another Microsoft security hole. I wonder if even half of all Windows users use Windows Update. =P

    --
    -------
    "In times of universal deceit, telling the truth becomes a revolutionary act."
    -- George Orwell
  2. Re:Why use IIS? by Len · Score: 3, Flamebait

    Would you also send them the list of Apache security alerts? Or is that too much truth for you?

  3. Re:did anyone read the microsoft bulletin... by 1010011010 · Score: 0, Flamebait

    Why would you run an IIS server without using the lockdown utility??

    You could have stopped with "Why would you run an IIS server?", but, yeah, you've got a point. If you're going to play with dynamite, wear a helmet.

    Windows and the net and look at how things accelerated..why..because ma/pa people use windows..not *nix. Just the facts.

    Say "hi" to Jim, Steve and Bill at your next staff meeting. Oh, and don't drink the kool-aid!

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
  4. Re:yup by Anonymous Coward · Score: 0, Flamebait

    wish I would have posted that for real instead of AC... figured it would be flamebait... forgot this was slashdot where bash microsoft = funny/insightful...

  5. OK, so how about by The Bungi · Score: 1, Flamebait
    ... that Samba security hole that didn't make it to the front page? And that MySQL vulnerability a few weeks ago? And all the others that are not Microsoft products?

    It seems open source bugs/exploits/vulnerabilities are always conveniently buried somewhere other than on the front page.

    Not to say Microsoft software is secure, but hey. "Fair and balanced" never was part of the /. motto.

    1. Re:OK, so how about by The Bungi · Score: 1, Flamebait
      Um, because the number of internet-exploitable IIS 5 systems outnumbers the number of internet-exploitable MySQL and Samba systems by a factor of at least 100 to 1?

      Uh, so what? Isn't this supposed to be an anti-Microsoft and pro-open source gig? If everyone who reads Slashdot is an open source advocate/zealot/freak then why bother? Everyone here runs Linux and Samba and Apache and KDE and all that, no? Wouldn't it make more sense to put the other stories on the front page and relegate these to the 'Micro$oft' section? (hey, there's an idea).

      OTOH, if you use Windows and you're getting your security bulletins from Slashdot, well...

    2. Re:OK, so how about by the eric conspiracy · Score: 0, Flamebait

      Yes it did, that's why I didn't mention it.

      And you complain about balance. Look in the mirror.

  6. Re:Patch? by larry bagina · Score: 0, Flamebait
    90% of slashdot readers are running using IE and windows. Apple security updates get hidden in apple.slashdot, BSD in bsd.slashdot, and linux/miscellaneous get ignored or hidden in developers.slashdot.

    It's only MS bugs that are "news for nerds" or "stuff that matters" enough to get front-page coverage.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.