Feeds

Major MS Web Server security hole exposed, plugged

Bug-fix terrorism? Whatever next?

  • alert
  • submit to reddit

Remote control for virtualized desktops

Security outfit eEye has roused Microsoft's ire and garnered itself some cheap publicity by going public with information on what it says is a serious security flaw in Microsoft's Internet Information Server (IIS) 4.0. The move hasn't helped the company's relationship with Microsoft any, but it seems to have triggered the appearance of a swift patch, full fix to follow. According to eEye the flaw allows arbitrary code to be run on any web server running IIS 4.0, and by using a buffer overflow bug in the software attackers can remotely execute code to enable access to all data on the server." So it's a serious one, although Microsoft says it hasn't had any reports of the security hole being used so far. eEye accuses Microsoft of failing to give the problem the attention it deserved. The company claims to have hassled MS for days, but "after the fifth day of reporting the bug to Microsoft, they stopped responding to our emails." So the company went public with the problem three days later, as an attempt to force Microsoft's hand. Microsoft swiftly posted a patch, but accuses eEye of irresponsibility in publicising a problem before a fix had been found. There's some justification in that, but there's also some in the view that being able to announce "we've found a hole, but we fixed it" is better than having to confirm "Yike, there's a huge security hole in our product." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BIG FAT Lies: Porky Pies about obesity
What really shortens lives? Reading this sort of crap in the papers
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?