"Keyless" entry found in Microsoft's IIS (all current versions)

Question

Major Vulnerability found in Microsoft's IIS!

Answer

This question was answered on June 22, 2001. Much of the information contained herein may have changed since posting.

The flaw, which affects all versions of IIS running under Windows NT, Windows 2000 and a limited-release beta version of Windows XP, could allow hackers to gain complete control of a server

According to eEye.com:

"A major security vulnerability discovered recently in Microsoft's IIS Web Server provides keyless entry to more than six million Microsoft IIS Web servers around the world Attackers who leverage the vulnerability can remotely gain full system access to any server running a default installation of IIS on Windows NT 4.0, 2000, or XP System-level access gives attackers the ability to install and run malicious code; manipulate Web server databases; add, change or delete files and Web pages; and do just about anything else they desire."

Get the Microsoft bulletin and the patch at:

<a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp" target="_blank"><font color="#003399">>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp</b></font></a>

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Ken of Data Doctors on June 22, 2001