| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft Security Bulletin: Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise | |
|
||
| Time: 19:03 EST/00:03 GMT | News Source: Microsoft TechNet Security | Posted By: Viper | ||
|
Microsoft has just released a fix for the recently discovered security flaw in Microsoft Index Server 2.0 & Indexing Service in Windows 2000. Idq.dll contains an unchecked buffer in a section of code that handles input URLs. An attacker who could establish a web session with a server on which idq.dll is installed could conduct a buffer overrun attack and execute code on the web server. Idq.dll runs in the System context, so exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it. Clearly, this is a serious vulnerability, and Microsoft urges all customers to take action immediately. Select your operating system below to download the patch. Patches for Windows 2000 Datacenter Server are hardware-specific and available only from the original equipment manufacturer. The vulnerability will be eliminated in the next Windows XP beta update as well as the final, released version of the product. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 141 Last | Next |
The time now is
6:37:55 PM
ET.
Any comment problems? E-mail us |
| #1 By 111 (Unknown) at 6/19/2001 8:17:00 AM |
| If Microsoft thought this a serious issue, it would be set as a critical update in Windows Update before you can bat an eye. It totally amazes me that it takes up to four weeks for "security and critical updates" to appear in WU after they are released. Did it ever occur to MS that people are not proactively downloading security updates, visiting MS's site whenever they might be worrying about a possible intrusion, but rather they download updates ONLY when a box pops up telling them that there are critical updates to download? |
|
Write Comment
Return to News |
Displaying 1 through 25 of 141 Last | Next |
The time now is
6:37:55 PM
ET.
Any comment problems? E-mail us |
