Microsoft announced on April 10 that the company's Web server Software "Internet information server/services (IIS)" Found 10 new security vulnerabilities. The version affected by these security vulnerabilities is IIS 4.0/5.0/5.1. If someone maliciously exploits one of the most serious security vulnerabilities, you can even run any program on the Web server. As the patch for all of these vulnerabilities has been announced, server managers should be used as early as possible.
Of the 10 security vulnerabilities mentioned above, 5 are related to buffer overflow, 2 are related to denial of service, and 3 are related to cross site scripting.
In which, if someone maliciously exploits a security vulnerability about a buffer overflow, you can run any program on a Web site that uses IIS. In the worst of times, there may even be a "Nimda" worm (virus) that has brought about great disasters.
In addition, if someone maliciously exploits the security vulnerabilities of a cross-site script, it will cause a loss to the average user.
It can be said that the situation is quite serious, so the Device Manager running IIS should use the released patches as soon as possible. After using the published patch, please verify the registration and confirm that the patch has been adopted. The method of confirmation is published in the public information of Microsoft in Japan.
However, you should also be aware of the following when using patches in IIS 4.0: After you install IIS 4.0, you need to confirm that Windows NT 4.0 Service Pack 5 or 6a is available.
In addition, the release of the patch includes all previously announced security patches for IIS. But, as mentioned in the "Warning Bar" in Microsoft's public message, there have been instances in the past when only patches were unable to prevent security vulnerabilities. For such vulnerabilities, you need to adopt a method of changing the settings. For specific settings to change the method, please refer to Microsoft's public information and so on.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
