"Keyless" entry found in Microsoft's IIS (all current versions)

Major Vulnerability found in Microsoft's IIS!

This question was answered on June 22, 2001. Much of the information contained herein may have changed since posting.

---

The flaw, which affects all versions of IIS running under Windows NT, Windows 2000 and a limited-release beta version of Windows XP, could allow hackers to gain complete control of a server

According to eEye.com:

"A major security vulnerability discovered recently in Microsoft's IIS Web Server provides keyless entry to more than six million Microsoft IIS Web servers around the world Attackers who leverage the vulnerability can remotely gain full system access to any server running a default installation of IIS on Windows NT 4.0, 2000, or XP System-level access gives attackers the ability to install and run malicious code; manipulate Web server databases; add, change or delete files and Web pages; and do just about anything else they desire."

Get the Microsoft bulletin and the patch at:

<a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp" target="_blank"><font color="#003399">>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp</b></font></a>

About the author

Posted by Ken Colburn of Data Doctors on June 22, 2001

Need Help with this Issue?

We help people with technology! It's what we do.
Contact or Schedule an Appointment with a location for help!