IIS finds 10 vulnerabilities server portal Open

Source: Internet
Author: User
Tags iis
iis| Security | security Vulnerabilities | Server Microsoft announced on April 10 that 10 new security vulnerabilities were found in the company's Web server software, Internet information server/services (IIS). The version affected by these security vulnerabilities is IIS 4.0/5.0/5.1. If someone maliciously exploits one of the most serious security vulnerabilities, you can even run any program on the Web server. As the patch for all of these vulnerabilities has been announced, server managers should be used as early as possible.
Of the 10 security vulnerabilities mentioned above, 5 are related to buffer overflow, 2 are related to denial of service, and 3 are related to cross site scripting.
In which, if someone maliciously exploits a security vulnerability about a buffer overflow, you can run any program on a Web site that uses IIS. In the worst of times, there may even be a "Nimda" worm (virus) that has brought about great disasters.
In addition, if someone maliciously exploits the security vulnerabilities of a cross-site script, it will cause a loss to the average user.
It can be said that the situation is quite serious, so the Device Manager running IIS should use the released patches as soon as possible. After using the published patch, please verify the registration and confirm that the patch has been adopted. The method of confirmation is published in the public information of Microsoft in Japan.
However, you should also be aware of the following when using patches in IIS 4.0: After you install IIS 4.0, you need to confirm that Windows NT 4.0 Service Pack 5 or 6a is available.
In addition, the release of the patch includes all previously announced security patches for IIS. But, as mentioned in the "Warning Bar" in Microsoft's public message, there have been instances in the past when only patches were unable to prevent security vulnerabilities. For such vulnerabilities, you need to adopt a method of changing the settings. For specific settings to change the method, please refer to Microsoft's public information and so on.



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.