Severe IIS Security Hole

Posters Name: Kagato
Posters Email:
Subject: Severe IIS Security Hole

Not sure if this affects anyone, as everyone knows, real web servers run Apache!. Anyhew, Microsoft announced yesterday that there is a serious software flaw with its IIS web server. The "vulnerability affects a function in the server software that allows Web administrators to change passwords for an Internet site." [Takes a step onto the soapbox] The worst thing about this issue is that a researcher with eEye Digital Security discovered the flaw in MID-APRIL but it wasn't announced publicly because of an agreement with Microsoft. Yeah, now I can see why Microsoft prefers you contact them and not publicly announce when you find a security hole/bug, because it takes them TWO FREAGIN' MONTHS to patch the blasted thing. Uhm, let's see, surely there are hackers good enough who would eventually find this bug, Microsoft tells nobody about it because that would be "bad", all the while the hackers are running amuck until Microsoft can finally resolve the issue and then alert the public. Yeah, there's a GREAT plan *SIGH*. Anyway, if you ARE running IIS, you can download the patch from Microsoft. [Steps down from the soapbox]

MWGL News - Printer Friendly Version