News

IIS Security Hole Found

A security hole was found in Microsoft Corp.’s Internet Information Server 4.0 through which hackers can gain access to credit card numbers and other personal information over the Internet.

An advisory by the Computer Emergency Report Team at Carnegie Mellon Universtiy (www.cert.org) states that: A buffer overflow vulnerability affecting Microsoft Internet Information Server 4.0 has been discovered in the ISM.DLL library. According to Microsoft, ISM.DLL is the filter DLL that processes .HTR files. HTR files enable remote administration of user passwords.

To add insult to injury, a tool to exploit this vulnerability has been publicly released by eEye (www.eeye.com), a maker of security software that claims to have reported the defect to Microsoft last week.

Microsoft has released a temporary patch to stop hackers from attacking Web sites and claims a permanent fix is on the way. The patch can be found at: www.microsoft.com/security/bulletins/ms99-019.asp. --Thomas Sullivan

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Starts Countdown to Dynamics GP End-of-Support

    Dynamics GP, Microsoft's venerable enterprise resource planning (ERP) solution for midsized businesses, is set to lose support in four years.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Windows Recall Preview Starts Rolling Out with Windows 11 24H2

    Microsoft on Tuesday began rolling out Windows 11 version 24H2, describing the update as a "full OS swap that contains new foundational elements required to deliver transformational Al experiences and exceptional performance."

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.