You are here: silicon.com > Hardware > Servers

Microsoft patches the hole

Hole in the net gets Gates threading the needle...

By Joey Gardiner

Published: 19 June 2001 13:45 BST

Microsoft has issued a patch for a huge security hole in its Internet Information Server (IIS) which could give hackers complete control of web servers running NT 4.0 and Windows 2000.

The problem seriously affects software used by six million websites worldwide.

The security hole could allow a malicious coder to run any program of his or her choice with total control of the web server, but Microsoft says the fault is due to an unchecked buffer in the code that handles URLs.

Microsoft's own advice states: "Clearly, this is a serious vulnerability...Microsoft strongly urges all web server administrators to apply the patch immediately."

The hole also affects the beta version of Microsoft's new XP operating system.

However, Windows 2000 Professional users will not be exposed to the vulnerability if the software is left in its default setting.

The security flaw was spotted by eEye Digital Security.

Information on patches can be found at http://www.microsoft.com/technet/security/bulletin/MS01-033.asp.

For related news, see
Microsoft to investigate Passport security 'flaw'
http://www.silicon.com/a44732
Oops, we did it again: Microsoft admits to Windows 2000 security cock-up
http://www.silicon.com/a44179
Microsoft foiled in first foray into security
http://www.silicon.com/a43953
Explorer glitch leaves Microsoft users vulnerable
http://www.silicon.com/a43630

Add comment

Print story

Email story

RSS

Windows 2000 open to attack

Microsoft patches 22 security flaws

Microsoft fixes 20 Windows flaws

Six month-old Windows flaw could mean MSBlast 2

Microsoft owns up to massive XP security hole

In silicon.com

Commentary

silicon.com Dear silicon.com... ZX Spectrum nostalgia, Mac attack, tag a bag… Reader Comments of the Week

Steve Ranger Editor's Blog: Home computing from Acorn, Amiga and Amstrad, to the ZX Spectrum Nostalgia 2.0...

Latest News

Windows Mobile v BlackBerry in server showdown

Met Office gets £33m supercomputer

Whitehall IT to be carbon neutral by 2020

Steve Ballmer on a future in the cloud

Google: Server efficiency needs different approach

Forecasting tech blows away stormy weather

Jobs

SENIOR IT SECURITY ANALYST - ISO 27001 - WOLVERHAMPTON

Working to ISO 27001 standard, you will take the lead in risk & vulnerability assessments and department auditing. Senior IT Security Analyst opening ...

Systems Administrators Linux- package 35,000 pa + Bens- W.London

Linux Engineers- A leading electronics manufacturer is currently looking to recruit a number of Systems Administrators to add to their production ...

Web Designer - Birmingham - 26,000

The successful candidate will be talented, enthusiatic and join a creative web design team where you will be exposed to a variety of web technologies ...

Special Report Focus

CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.