Previous
Microsoft warns of attacks using IIS flaw
News Microsoft disclosed the Internet Information Services (IIS) vulnerability on Monday, and on Friday said it is still working on a security update to fix the problem. According to the advisory, the vulnerability could let somebody run arbitrary code...
[September 7, 2009, 8:12]
Worm exploits Solaris to attack IIS sites
News New computer worm exploits a known vulnerability in Solaris to attack Websites based on Microsoft's IIS server The worm exploits a two-year-old vulnerability in Solaris systems and then installs software which in turn attacks servers running...
[May 8, 2001, 13:35]
Microsoft Internet Information Server 5.0 Patch: Malformed Extension Data in URL
Downloads This update resolves the "Malformed Extension Data in URL" security vulnerability in Internet Information Server (IIS) 5.0 and IIS 4.0. The vulnerability does not cause the server to fail, nor does it allow a malicious user to compromise data on...
[May 11, 2000, 8:00]
Gartner advises companies to scrap Microsoft IIS
News It combined elements of the Web-based Code Red virus and attacked the same buffer-overflow vulnerability in Microsoft's IIS software. Code Red was less about the vulnerability of IIS, as all software has bugs, but more about system administrators...
[September 25, 2001, 12:30]
IIS 4.0 Cumulative Security Update
Downloads This update eliminates two new security vulnerabilities: A denial of service vulnerability that could cause IIS 4.0 to stop responding. This cumulative update includes all of the updates that have been released for Internet Information Server (IIS...
[September 22, 2001, 3:12]
IIS5 Malformed URL Service Failure Vulnerability Patch
Downloads If such an URL were repeatedly sent to an affected system, a confluence of events could cause a memory allocation error that would result in the failure of the IIS service.Exchange 2000 is affected by the same vulnerability.
[April 4, 2001, 7:36]
WebDAV flaw exposes Win2K systems running IIS 5.0
News According to Microsoft, this vulnerability does not affect Windows XP (IIS 5.1) or Windows NT 4.0 (IIS 2.0-4.0) systems. By having customer systems penetrated before you are even aware that there is a threat, and that's just what happened recently...
[March 19, 2003, 10:08]
Microsoft races to fix security hole
News Companies that have set up their Web server with the printing turned off -- as outlined in Microsoft's "IIS Security Checklist" guidelines -- or used the IIS Security Lockdown Tool don't need to worry about the vulnerability, either.
[May 2, 2001, 8:32]
AOL communities get hacked again
News The two main vulnerability exploits of IIS that crackers are targeting at the moment are the index server buffer overflow for which no official patch has yet been released, and the IIS 5 remote printer overflow, said Read.
[June 29, 2001, 14:28]
Microsoft IIS5 "Session ID Cookie Marking" Vulnerability Patch
Downloads This patch eliminates a security vulnerability in Microsoft Internet Information server that would allow a malicious user to hijack another user's secure Web session under a very restricted set of circumstances.IIS supports the use of a...
[October 26, 2000, 8:59]
Microsoft urges urgent action on Windows security hole
News Systems running Microsoft Windows NT 4.0 with IIS 4.0 or IIS 5.0 enabled are also affected by the vulnerability, which gives an intruder complete control over the target machine. The problem, which was discovered by eEye Digital Security, stems...
[June 20, 2001, 10:35]
Microsoft patches new security flaws
News Of the four issues addressed in the combination patch, the most serious vulnerability is one in the WebDav service that IIS uses for authoring. That vulnerability exists in versions 5.0 and 5.1 of IIS, but not in version 4.0.
[May 29, 2003, 7:47]
Microsoft Windows NT 4.0 Patch: Unchecked Buffer in Index Server
Downloads Note: Although the functionality provided by idq.dll supports Index Server 2.0, idq.dll is installed with Internet Information Server (IIS) 4.0, and the vulnerability is present only when IIS 4.0 is running.
[June 18, 2001, 8:00]
Hacker exploits Microsoft bug online
News Microsoft alerted its six million customers to the problem on 18 June, and released a patch that protects IIS servers from attacks of the vulnerability. The code that was programmed on 21 June exploits a recently discovered bug in Microsoft's...
[July 5, 2001, 16:54]
FBI criticised for ignoring early Code Red warnings
News The FBI's National Infrastructure Protection Centre (NIPC) had received earlier reports of a Code Red-like worm that affected a buffer overflow vulnerability in the .htr files of Microsoft IIS 4. It is now thought that this was a test version, as...
[September 6, 2001, 13:18]
The return of Code Red
News On June 18, 2001, Microsoft published a patch for the buffer overflow vulnerability in IIS file ldq.dll, which opened servers to this attack. Code Red II, which was first seen on August 4, 2001, took advantage of the same buffer overflow...
[March 24, 2003, 10:23]
Millions vulnerable to Microsoft Web flaw
News Servers running the latest software, MDAC 2.7, are free from the security hole, as are servers on which an administrator has run the IIS Lockdown Tool, an application that helps secure systems. The company found the IIS flaw that led to the Code...
[November 21, 2002, 7:53]
IIS, Site Server vulnerable to hackers
News Culp stressed that "there is no underlying vulnerability in Site Server, IIS, ASP or Windows NT" at fault. A security problem involving Microsoft Corp.s Internet Information Server (IIS) and Site Server products leaves data and files stored on...
[May 10, 1999, 7:45]
Microsoft patches ten IIS vulnerabilities
News IIS 5.1 is not vulnerable to CAN-2002-0079 chunked encoding memory or the .htr file request buffer overflow CAN-2002-0071.IIS 4.0 is not vulnerable to one of the cross-site scripting threats.The FTP status request DoS vulnerability will be...
[April 29, 2002, 13:39]
Hybrid DDoS worm strikes Microsoft SQL Server
News Voyager Alpha Force is unlikely to cause the same scale of damage as inflicted by Code Red and Nimda, because SQL Server is not as widely used as Microsoft IIS Server, which those worms used to propogate.
[November 23, 2001, 13:38]
