News

IIS Security Hole Found

A security hole was found in Microsoft Corp.’s Internet Information Server 4.0 through which hackers can gain access to credit card numbers and other personal information over the Internet.

An advisory by the Computer Emergency Report Team at Carnegie Mellon Universtiy (www.cert.org) states that: A buffer overflow vulnerability affecting Microsoft Internet Information Server 4.0 has been discovered in the ISM.DLL library. According to Microsoft, ISM.DLL is the filter DLL that processes .HTR files. HTR files enable remote administration of user passwords.

To add insult to injury, a tool to exploit this vulnerability has been publicly released by eEye (www.eeye.com), a maker of security software that claims to have reported the defect to Microsoft last week.

Microsoft has released a temporary patch to stop hackers from attacking Web sites and claims a permanent fix is on the way. The patch can be found at: www.microsoft.com/security/bulletins/ms99-019.asp. --Thomas Sullivan

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft 365 Commercial Users Getting Identity Theft Monitoring

    U.S. subscribers of Microsoft 365 Personal or Microsoft 365 Family editions are now eligible for a new Identity Theft Monitoring service, the company announced this week.

  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • Report: IT Budgets To Increase Despite Slowdown in Hiring

    A newly published annual report found that 51 percent of IT departments are planning to increase their IT spending next year, even in the face of a possible recession.

  • Microsoft Bolsters 'Employee Experience' with Latest Viva Apps

    Microsoft's Viva suite is getting new apps and enhancements, according to an announcement made on Thursday.