SI
SI
discoversearch

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor.  We ask that you disable ad blocking while on Silicon Investor in the best interests of our community.  If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.
Pastimes : Internet Security/Privacy Issues and Solutions
 Public ReplyPrvt ReplyMark as Last ReadFilePrevious 10Next 10PreviousNext  
To: caly who started this subject5/2/2001 9:58:58 PM
From: PJ Strifas  Read Replies (2) of 210
 
Microsoft Warns Of Vulnerability In Windows 2000

If you think this is just another report on MSFT's security issues, check out - netcraft.com and see how many websites run the IIS software. Unfortunately, they don't break it down any further than that (meaning by version numbers).

Peter J Strifas

Microsoft Warns Of Vulnerability In Windows 2000
By George V. Hulme, InformationWeek
May 2, 2001 (3:43 PM)
URL: techweb.com

Microsoft Corp. warned its customers that an "extremely serious" flaw in Windows 2000 could allow a
cracker to gain control over any system running Internet Information Services (IIS) 5.0 software that
ships with the operating system. Earlier versions are not affected.

"Upgrade the patch before you read the bulletin [www.microsoft.com/security]," warned Scott Culp,
program manager at Microsoft (stock: MSFT) security response center.

Culp said an unchecked buffer in the services that support Internet printing capabilities causes the
vulnerability. He adds that users who turn off the printing services are not vulnerable.

The extent of the vulnerability is severe.

"There is virtually nothing a malicious hacker couldn't do to an exploited system," Culp said.

Microsoft said it has distributed information about the vulnerability and started contacting certain
customers before the company released the patch at 1 p.m. EDT Tuesday.

A security software firm, eEye Digital Security, notified Microsoft of the vulnerability 10 days earlier.

Gartner analyst John Pescatore said a large portion of Windows 2000 users probably have not turned
off the affected services and should either do so or install the patch immediately.

Pescatore said Microsoft made a critical error.

"IIS has been a cancer on Windows 2000," he said. "Including that code in the Windows 2000 base vs.
it being a separate application was a huge mistake."
Report TOU ViolationShare This Post
 Public ReplyPrvt ReplyMark as Last ReadFilePrevious 10Next 10PreviousNext  

HomeMailHotSubjectMarksPeopleMarksKeepersSettings
Terms Of UseContact UsCopyright/IP PolicyPrivacy PolicyAbout UsFAQAdvertise on SI
© 2025 Knight Sac Media.  Data provided by Twelve Data, Alpha Vantage, and CityFALCON News