Vendor fixes flaws in its Internet Information Services and Windows Media Services software.
Microsoft on Wednesday released a batch of patches that fix security holes in several versions of its Internet Information Services software.
IIS versions 4, 5, and 5.1 are vulnerable to what is known in security circles as a cross-site scripting attack, according to Microsoft. It's a sophisticated attack that requires the attacker to lure a Web surfer to visit a specially designed Web site and open a link. The request to open the link is sent to another IIS server, and that server can send a script that would run on the user's machine and make it vulnerable.
Other IIS patches take care of flaws that can result in a denial-of-service attack in IIS versions 4 and 5; a second denial-of-service flaw that affects both versions 4 and 5; and a buffer overflow vulnerability in version 5 that allows attackers to run code of their choice on vulnerable servers.
A patch for a flaw in Windows Media Services in Windows 2000 and NT 4.0 was also released on Wednesday.
All of the patches and more information about the security vulnerabilities are available at www.microsoft.com/security.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.