Vendor fixes flaws in its Internet Information Services and Windows Media Services software.
Microsoft on Wednesday released a batch of patches that fix security holes in several versions of its Internet Information Services software.
IIS versions 4, 5, and 5.1 are vulnerable to what is known in security circles as a cross-site scripting attack, according to Microsoft. It's a sophisticated attack that requires the attacker to lure a Web surfer to visit a specially designed Web site and open a link. The request to open the link is sent to another IIS server, and that server can send a script that would run on the user's machine and make it vulnerable.
Other IIS patches take care of flaws that can result in a denial-of-service attack in IIS versions 4 and 5; a second denial-of-service flaw that affects both versions 4 and 5; and a buffer overflow vulnerability in version 5 that allows attackers to run code of their choice on vulnerable servers.
A patch for a flaw in Windows Media Services in Windows 2000 and NT 4.0 was also released on Wednesday.
All of the patches and more information about the security vulnerabilities are available at www.microsoft.com/security.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.