News

IIS Security Hole Found

A security hole was found in Microsoft Corp.’s Internet Information Server 4.0 through which hackers can gain access to credit card numbers and other personal information over the Internet.

An advisory by the Computer Emergency Report Team at Carnegie Mellon Universtiy (www.cert.org) states that: A buffer overflow vulnerability affecting Microsoft Internet Information Server 4.0 has been discovered in the ISM.DLL library. According to Microsoft, ISM.DLL is the filter DLL that processes .HTR files. HTR files enable remote administration of user passwords.

To add insult to injury, a tool to exploit this vulnerability has been publicly released by eEye (www.eeye.com), a maker of security software that claims to have reported the defect to Microsoft last week.

Microsoft has released a temporary patch to stop hackers from attacking Web sites and claims a permanent fix is on the way. The patch can be found at: www.microsoft.com/security/bulletins/ms99-019.asp. --Thomas Sullivan

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • Microsoft Adds Data Loss Prevention Alerts to Compliance Toolbox

    The latest part of Microsoft's overall compliance tooling is its Data Loss Prevention Alerts Dashboard, now generally available.

  • 2021 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft Releases 'Staged Rollout' for Hybrid Active Directory

    Microsoft recently announced the general availability of a "staged rollout" feature in Azure Active Directory designed for organizations with "hybrid" environments.