Subject: | |
From: | |
Reply To: | COLE,GLENN (Non-HP-SantaClara,ex2) |
Date: | Tue, 1 May 2001 20:38:36 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
MSNBC has a story on the latest IIS web server vulnerability.
"The problem...stems from a component in Windows 2000
that allows users to print remotely over the Internet. The
flaw enables attackers to take control of Web servers using
Windows 2000 and Internet Information Server 5.0 (IIS),
Microsoft's latest server software, simply by sending a
single string of carefully crafted text to that component.
...
"But using the new flaw, eEye
demonstrated that it could trick a host computer into giving
an attacker a command prompt simply by sending a single
string of characters to an Internet Information Server-run
Web site. From that prompt, the attacker could do anything
the system administrator could do."
The full story is at
http://www.msnbc.com/news/567192.asp
A patch is available from
http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
--Glenn
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|