Microsoft Unleashes A Hailstorm of Patches - InformationWeek
02:07 PM

Microsoft Unleashes A Hailstorm of Patches

Vendor fixes flaws in its Internet Information Services and Windows Media Services software.

Microsoft on Wednesday released a batch of patches that fix security holes in several versions of its Internet Information Services software.

IIS versions 4, 5, and 5.1 are vulnerable to what is known in security circles as a cross-site scripting attack, according to Microsoft. It's a sophisticated attack that requires the attacker to lure a Web surfer to visit a specially designed Web site and open a link. The request to open the link is sent to another IIS server, and that server can send a script that would run on the user's machine and make it vulnerable.

Other IIS patches take care of flaws that can result in a denial-of-service attack in IIS versions 4 and 5; a second denial-of-service flaw that affects both versions 4 and 5; and a buffer overflow vulnerability in version 5 that allows attackers to run code of their choice on vulnerable servers.

A patch for a flaw in Windows Media Services in Windows 2000 and NT 4.0 was also released on Wednesday.

All of the patches and more information about the security vulnerabilities are available at

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Success = Storage & Data Center Performance
Balancing legacy infrastructure with emerging technologies requires laying a solid foundation that delivers flexibility, scalability, and efficiency. Learn what the most pressing issues are, how to incorporate advances like software-defined storage, and strategies for streamlining the data center.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll