Microsoft Plugs Another Hole in IIS
Download the authoritative guide: Data Center Guide: Optimizing Your Data Center Strategy
Download the authoritative guide: Cloud Computing: Using the Cloud for Competitive AdvantageMicrosoft Wednesday released its latest security patch. This time the affected was bug-prone Internet Information Server's active server pages (ASP) function.
This is the second all-encompassing IIS patch released by the software giant, a company that's come under heat for repeated security breaches in its operating systems, Internet browser, and IIS applications over the years.Microsoft Wednesday released its latest security patch. This time the affected was bug-prone Internet Information Server's active server pages (ASP) function.
The 10 vulnerabilities, found by Microsoft technicians, eEye Digital Security, Entrust Technologies, @Stakem and several private individuals, run the gamut of the hacker's handbook. Four are considered "critical" vulnerabilities that demand immediate fixes, the bulletin states.
From buffer overrun bugs to denial-of-service vulnerabilities, the widespread patch repairs breaches that can be found in IIS 4.0, IIS 5.0, and IIS 5.1. According to Microsoft officials, beta versions of its .Net Server (build 3605) software, using IIS 6.0, already have the fixes in place, but it warned against companies using the product on their intranets.
"By definition, beta products are incomplete, they're intended for evaluation purposes and shouldn't be used in production systems," the bulletin reported.
ASP is an oft-maligned technology many developers consider the main reason for Microsoft's software security woes. Unfortunately for Microsoft and its many customers, it's the linchpin behind the company's Internet/intranet and Web services, allowing Web servers to dynamically generate Web applications.
Some believe, however, it is unfair to single Microsoft out for the current security issues. Last October, the research firm Meta Group found it was partly the responsibility of systems administrators to keep up to date with patches before hackers find the affected systems.
The patch can be found here.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...