Slashdot Mirror

← Back to Stories (view on slashdot.org)

WebDAV Buffer Overflow Attack Compromises IIS 5.0

Posted by timothy on Monday March 17, 2003 @09:50AM from the what-this-old-thing dept.

rf0 writes "Well CERT is reporting a new overflow attack for IIS 5.0. Microsoft has released a bulletin. Better download those patches and fix another security hole." According to this CNET story, Microsoft says that this is already being exploited, at the very least since last Wednesday.

1 of 367 comments (clear)

Min score:

Reason:

Sort:

Re:Bullshit by NineNine · 2003-03-17 12:19 · Score: 1, Troll

It's not the holes, it's the policy. IIS runs as LocalSystem by default.

So what? You can run IIS under any user. Also, NTFS has very granular file level permissions. It's no less secure than Apache. Default settings do not have a whole hell of a lot of bearing on the quality of an app in my book. That's why they're settings... they can be changed.