HP3000-L Archives

May 2001, Week 1

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
OT: severe IIS vulnerability
From:
"COLE,GLENN (Non-HP-SantaClara,ex2)" <[log in to unmask]>
Reply To:
COLE,GLENN (Non-HP-SantaClara,ex2)
Date:
Tue, 1 May 2001 20:38:36 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (27 lines) 
MSNBC has a story on the latest IIS web server vulnerability.

  "The problem...stems from a component in Windows 2000
   that allows users to print remotely over the Internet. The
   flaw enables attackers to take control of Web servers using
   Windows 2000 and Internet Information Server 5.0 (IIS),
   Microsoft's latest server software, simply by sending a
   single string of carefully crafted text to that component.
  ...
  "But using the new flaw, eEye
   demonstrated that it could trick a host computer into giving
   an attacker a command prompt simply by sending a single
   string of characters to an Internet Information Server-run
   Web site. From that prompt, the attacker could do anything
   the system administrator could do."

The full story is at
   http://www.msnbc.com/news/567192.asp

A patch is available from
   http://www.microsoft.com/technet/security/bulletin/ms01-023.asp

--Glenn

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2