Bug Hits Microsoft Webservers

Security hole opens all files to everyone



Microsoft Webservers Laid Open For All To See

by Dave Murphy
ISSN 1535-3613

Dave Murphy, ITrain founder

Microsoft is scrambling to repair damage caused by a security hole in its IIS 4 & 5 webserver that runs on Windows NT/2000. Microsoft claims over four million IIS websites, and each one of them is at risk of releasing sensitive data through the security hole. Called the "Web Server Folder Traversal" error, the flaw allows users to execute files on an IIS website by requesting a specific web address. Microsoft released a bulletin about the problem Tuesday, urging customers to patch their systems.

The bug allows access to any file on the webserver via a specified URL. Like all webservers, IIS is supposed to prevent access to files that aren't intended to be part of the website.

Microsoft has released a patch that will close the security hole. IIS webmasters may download and install the patch from Microsoft's Security Bulletin site.
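The containment check a webserver is supposed to apply to every requested address can be sketched as follows. This is an added example, not code from the article, Microsoft or IIS; the web root `/srv/www`, the function names and the sample request paths are assumptions constructed for illustration, and the flawed variant shows a generic ordering mistake rather than the specific IIS defect, which the article does not detail.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # assumed web root for this example


def naive_resolve(url_path):
    """Flawed order: filters the raw URL, then decodes it afterwards."""
    if ".." in url_path:          # inspects the still-encoded text
        return None
    decoded = unquote(url_path)   # decoding can introduce ".." after the check
    return posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))


def safe_resolve(url_path):
    """Decode once, canonicalize, then test the final path against the root."""
    decoded = unquote(url_path)
    if "\x00" in decoded or "\\" in decoded:
        return None               # reject NUL bytes and alternate separators
    candidate = posixpath.normpath(
        posixpath.join(WEB_ROOT, decoded.lstrip("/"))
    )
    # The decision is made on the canonical path, not on the request text.
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate              # a real server would also resolve symlinks


# Constructed sample requests: one ordinary, one with encoded parent segments.
SAMPLES = ["/docs/index.html", "/docs/%2e%2e/%2e%2e/%2e%2e/etc/hosts"]


def compare(samples=SAMPLES):
    """Return (request, naive result, safe result) for each sample."""
    return [(s, naive_resolve(s), safe_resolve(s)) for s in samples]


if __name__ == "__main__":
    for request, naive, safe in compare():
        print(f"{request!r}: naive={naive!r} safe={safe!r}")
```
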


References

Microsoft Security Bulletins
Message Center



Copyright © 2000 International Association of Information Technology Trainers, Ltd., All Rights Reserved

http://itrain.org/itinfo/2000/it001017.html
updated October 17, 2000