Microsoft FrontPage Susceptible To Major Security Flaws - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Microsoft FrontPage Susceptible To Major Security Flaws

Critical flaw in FrontPage server extensions lets attackers seize control of Web servers or crash the system

Administrators barely had time to test and batch last week's round of critical Microsoft vulnerabilities before the company issued yet another critical warning. In a new bulletin, Microsoft says there's a critical flaw in its FrontPage server extensions that lets attackers to seize control of Web servers or crash the system.

In Microsoft Security Bulletin MS02-053, the company warns users of FrontPage Server Extensions 2002 and 2000 that they are vulnerable and should patch immediately. Users of previous versions "may, or may not" be affected by these security defects, because earlier versions are no longer supported and haven't been tested for this vulnerability. The flaw is within Microsoft's SmartHTML Interpreter, which provides support for Web forms and dynamic content.

According to the advisory, issued late Wednesday, users running FrontPage Server extensions 2000 are susceptible to a denial-of-service attack. Because of the flaw, the attacker could cause most CPU usage to be consumed until the Web service is restarted. Those running extensions used in FrontPage 2002 face an even more damaging vulnerability: The way the flaw works in that version creates a buffer overrun, so attackers potentially could run applications of their choice and do whatever they wish on the server.

If the Web server is static, Microsoft says the IIS Lockdown Tool disables the SmartHTML Interpreter. FrontPage Server Extensions are installed by default on Internet Information Services versions 4.0, 5.0, and 5.1, but can be removed.

For patches and more information, Microsoft's bulletin MS02-53 can be found at www.microsoft.com/security.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
News
Northwestern Mutual CIO: Riding Out the Pandemic
Jessica Davis, Senior Editor, Enterprise Apps,  10/7/2020
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll