
M$ security hole in IIS 4.0/5.0

Geoff Gasior

Microsoft has just released a patch to fix what looks like a pretty major hole in IIS 4.0/5.0. The hole allows web h4x0rs to run programs on a web site and take other ‘destructive’ action (what, like installing Apache?). The good thing appears to be that if you already ran a patch to fix the problems associated with Microsoft Security Bulletin MS00-057 (this one is 078), then you should be fine, and don’t have to install this latest patch.

Due to a canonicalization error in IIS 4.0 and 5.0, a particular type of malformed URL could be used to access files and folders that lie anywhere on the logical drive that contains the web folders. This would potentially enable a malicious user who visited the web site to gain additional privileges on the machine – specifically, it could be used to gain privileges commensurate with those of a locally logged-on user. Gaining these permissions would enable the malicious user to add, change or delete data, run code already on the server, or upload new code to the server and run it.

More information on the patch is available here with patches for IIS 4.0 and 5.0. The patch will also be included with the upcoming Service Pack 7.0 for NT.
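
As an added illustration (not code from Microsoft or from the original post), the sketch below shows the general class of canonicalization error the bulletin text describes: a path check applied to the raw URL before decoding, next to a version that decodes and normalises first and only then checks that the result stays under the web folder. It does not reproduce the specific IIS flaw, which the post does not detail; `WEB_ROOT`, `resolve_naive` and `resolve_canonical` are hypothetical names, and the sample requests are constructed.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/inetpub/wwwroot"  # assumed web folder, constructed for this example


def resolve_naive(url_path):
    """Flawed order: validate the raw URL text, then decode it."""
    if ".." in url_path:          # check runs on the un-decoded string
        return None
    decoded = unquote(url_path)   # decoding happens after the check
    return posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))


def resolve_canonical(url_path):
    """Canonicalise first, then check containment on the final path."""
    decoded = unquote(url_path)
    # Nested encoding or a NUL byte means the path has more than one
    # reading: refuse it rather than guess which one a later layer uses.
    if unquote(decoded) != decoded or "\x00" in decoded:
        return None
    decoded = decoded.replace("\\", "/")  # both separators count on Windows
    full = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if full != WEB_ROOT and not full.startswith(WEB_ROOT + "/"):
        return None               # resolved outside the web folder
    return full


# Constructed sample requests, not taken from any real log.
SAMPLES = [
    "/docs/index.html",
    "/docs/%2e%2e/index.html",
    "/docs/%2e%2e/%2e%2e/%2e%2e/secret.txt",
    "/docs/%252e%252e/index.html",
    "/docs/..%5c..%5c..%5csecret.txt",
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(f"{req!r:45} naive={resolve_naive(req)!r} "
              f"canonical={resolve_canonical(req)!r}")
```

A request that `resolve_naive` maps outside `WEB_ROOT` while `resolve_canonical` returns `None` is the pattern worth alerting on in web server logs.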
