Microsoft FrontPage Susceptible To Major Security Flaws - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Microsoft FrontPage Susceptible To Major Security Flaws

Critical flaw in FrontPage server extensions lets attackers seize control of Web servers or crash the system

Administrators barely had time to test and batch last week's round of critical Microsoft vulnerabilities before the company issued yet another critical warning. In a new bulletin, Microsoft says there's a critical flaw in its FrontPage server extensions that lets attackers to seize control of Web servers or crash the system.

In Microsoft Security Bulletin MS02-053, the company warns users of FrontPage Server Extensions 2002 and 2000 that they are vulnerable and should patch immediately. Users of previous versions "may, or may not" be affected by these security defects, because earlier versions are no longer supported and haven't been tested for this vulnerability. The flaw is within Microsoft's SmartHTML Interpreter, which provides support for Web forms and dynamic content.

According to the advisory, issued late Wednesday, users running FrontPage Server extensions 2000 are susceptible to a denial-of-service attack. Because of the flaw, the attacker could cause most CPU usage to be consumed until the Web service is restarted. Those running extensions used in FrontPage 2002 face an even more damaging vulnerability: The way the flaw works in that version creates a buffer overrun, so attackers potentially could run applications of their choice and do whatever they wish on the server.

If the Web server is static, Microsoft says the IIS Lockdown Tool disables the SmartHTML Interpreter. FrontPage Server Extensions are installed by default on Internet Information Services versions 4.0, 5.0, and 5.1, but can be removed.

For patches and more information, Microsoft's bulletin MS02-53 can be found at www.microsoft.com/security.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Commentary
CIOs Face Decisions on Remote Work for Post-Pandemic Future
Joao-Pierre S. Ruth, Senior Writer,  2/19/2021
Slideshows
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
News
CRM Trends 2021: How the Pandemic Altered Customer Behavior Forever
Jessica Davis, Senior Editor, Enterprise Apps,  2/18/2021
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll