Previous
IIS, Site Server vulnerable to hackers
News Culp stressed that "there is no underlying vulnerability in Site Server, IIS, ASP or Windows NT" at fault. A security problem involving Microsoft Corp.s Internet Information Server (IIS) and Site Server products leaves data and files stored on...
[May 10, 1999, 7:45]
Microsoft patches ten IIS vulnerabilities
News IIS 5.1 is not vulnerable to CAN-2002-0079 chunked encoding memory or the .htr file request buffer overflow CAN-2002-0071.IIS 4.0 is not vulnerable to one of the cross-site scripting threats.The FTP status request DoS vulnerability will be...
[April 29, 2002, 13:39]
Hybrid DDoS worm strikes Microsoft SQL Server
News Voyager Alpha Force is unlikely to cause the same scale of damage as inflicted by Code Red and Nimda, because SQL Server is not as widely used as Microsoft IIS Server, which those worms used to propogate.
[November 23, 2001, 13:38]
Code Red II: A double whammy
News The new worm, which some are calling Code Red II, attacks the same vulnerability -- originally reported by CNET News.com in June -- in Windows 2000 and Windows NT servers running Microsoft's Internet Information Service (IIS) Web server software.
[August 7, 2001, 9:25]
Web ripe for massive worm attack
News Microsoft published a trio of security advisories on 12 June related to its Internet Information Server (IIS), and this was followed on 17 June by the publication of a bug in the Apache Web server application that leaves the software open to a...
[July 1, 2002, 12:21]
US Army attacked via new Windows flaw
News The flaw, known as a buffer overflow, is in a component of the software that handles the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol in Microsoft's Internet Information Server (IIS).
[March 18, 2003, 7:43]
Microsoft patches Windows NT WebDAV flaw
News The original flaw allowed an online attacker to take control of a military server last March by using the World Wide Web Distributed Authoring and Version (WebDAV) component of Microsoft's flagship Web server software, Internet Information...
[April 25, 2003, 8:11]
Microsoft rolls out record Patch Tuesday fixes
News We didn't see any in-the-wild exploitations of the [IIS WebDav] vulnerability but typically when Microsoft releases those alerts they're doing it because a customer [has alerted them to an exploit]," said Steve Manzuik, senior manager of security...
[June 10, 2009, 8:37]
Microsoft finds 'critical' flaw in Phonebook
News The first alerts users to a vulnerability in Microsoft SQLXML that could allow attackers to execute code of their choice on the Microsoft Internet Information Services (IIS) Server, or execute a script on a user's computer with a higher privilege...
[June 13, 2002, 8:41]
'Blaster-type event' forecast for summer
News An exploit that uses a vulnerability in the private communications transport (PCT) feature of Windows Web servers, known as Microsoft Internet Information Servers (IIS), has compromised systems at many companies, Ullrich said.
[April 29, 2004, 8:30]
Windows WMF woes widen
News A few years ago it was IIS, then SQL Server, then RPC, now it's the Windows Graphics Engine," he said. IIS is Internet Information Services (the Web server part of Windows Server), SQL Server is Microsoft's database product, and RPC is the Remote...
[January 10, 2006, 8:45]
Windows 2000 Security Patch: Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0
Downloads Microsoft has released a patch that fixes a security vulnerability in IIS 5.0 resulting from an unchecked buffer in the .printer ISAPI extension. A malicious attack from this vulnerability would lead to a full compromise of the server.
[September 13, 2007, 14:15]
IIS flaw under investigation by Microsoft
News In a statement, a Microsoft representative said the company "is investigating new public claims of a possible vulnerability in IIS 5 and IIS 6 File Transfer Protocol (FTP)". IDG said the exploit appears to affect primarily older versions of IIS...
[September 1, 2009, 15:15]
Web at risk from new MS flaw
News The vulnerability lies within the code that Microsoft's IIS server uses to support indexing, a feature that speeds searching on Web servers. As first reported by CNET News.com, the flaw occurs in a component of Microsoft's Internet Information...
[June 19, 2001, 8:30]
Microsoft warns of new server vulnerability
News In a technical bulletin, the company said it is looking into "public reports of a possible vulnerability in Microsoft Internet Information Services (IIS)". An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS...
[May 19, 2009, 9:14]
Windows 2000 Security Patch: Superfluous Decoding Operation Could Allow Command Execution via IIS
Downloads Microsoft has released a patch that addresses a denial of service (DoS) vulnerability that exists in Microsoft Internet Information Services (IIS) 5.0 because the function that processes wildcard sequences in FTP commands does not always allocate...
[September 13, 2007, 14:17]
Anti-virus experts issue HP hole alert
News In the case of Code Red, Microsoft released a patch for the Internet Information Server (IIS) software vulnerability on 18 June, but it was not until a month later that the self-propagating worm was unleashed.
[August 16, 2001, 12:37]
Microsoft Windows Security Bulletin Summary for July
Downloads Bulletin Title: Security Update for IIS 4.0 (841373) Impact of Vulnerability: Local Elevation of Privilege Bulletin Title: Vulnerability in Task Scheduler Could Allow Code Execution (841873) Executive Summary: A remote code execution vulnerability...
[August 2, 2004, 8:00]
Microsoft IIS4 "Cross-Site Scripting" Vulnerability Patch
Downloads Several features in IIS were found to be affected--some were found by Microsoft internal teams, and others were identified by customers--and this patch eliminates all of them. This vulnerability, known as Cross-Site Scripting (CSS), results when...
[November 9, 2000, 7:49]
FBI: Microsoft IIS most vulnerable
News This year it's Microsoft IIS," Paller says, "because it's so widespread and so easy to break into. But if they don't explicitly disable it, the hidden version of IIS can simply run in the background, providing a back door into the computer on which...
[November 8, 2001, 9:40]
