02:07 PM
Connect Directly

Microsoft Unleashes A Hailstorm of Patches

Vendor fixes flaws in its Internet Information Services and Windows Media Services software.

Microsoft on Wednesday released a batch of patches that fix security holes in several versions of its Internet Information Services software.

IIS versions 4, 5, and 5.1 are vulnerable to what is known in security circles as a cross-site scripting attack, according to Microsoft. It's a sophisticated attack that requires the attacker to lure a Web surfer to visit a specially designed Web site and open a link. The request to open the link is sent to another IIS server, and that server can send a script that would run on the user's machine and make it vulnerable.

Other IIS patches take care of flaws that can result in a denial-of-service attack in IIS versions 4 and 5; a second denial-of-service flaw that affects both versions 4 and 5; and a buffer overflow vulnerability in version 5 that allows attackers to run code of their choice on vulnerable servers.

A patch for a flaw in Windows Media Services in Windows 2000 and NT 4.0 was also released on Wednesday.

All of the patches and more information about the security vulnerabilities are available at

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.