FW: Microsoft warns of serious vulnerability

Just a heads-up. Don't know how many of you would be affected by this. Saw
this posted on InformationWeek this am. Thought of you guys running W2K
Server/IIS. I've deleted all the other stuff that didn't pertain to this
and left in all the sponsor stuff so you'll know this is legitimate. Click
the link between the [ ] then on "Headlines".

Terry L. Williams I.S. Manager Chipsco, Inc. 9936 Liberty St. Ext.
Meadville, PA 16335 814-333-6331 fax: 814-337-2548 tlw@...
www.chipsco.com

-----Original Message-----
From: InformationWeek [mailto:InformationWeek@...]
Sent: Wednesday, May 02, 2001 4:11 AM
To: tlw@...
Subject: Microsoft warns of serious vulnerability

GOOD MORNING! Today is May 2, and this is ... InformationWeek
Daily! Business innovation powered by technology brought to you
by InformationWeek magazine. Check out
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20WH0AN

*****************************************
Sponsored by PKWare, Inc.
Concerned about Email viruses? Do you use X.509v.3-based
Public Key Certificates and want to authenticate and detect
changes to any data file type? Use PKZIP Explorer to Compress and
Digitally Sign one or thousands of files. TRY IT NOW!
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20NC70A3
*****************************************

* TODAY'S HEADLINES -
** MS Warns Of Serious Vulnerability

-----------------------------------------

* TOP STORIES -

** MS Warns Of Serious Vulnerability
Microsoft is warning that an "extremely serious" flaw in Windows 2000 could
enable a cracker to control any system running Internet Information Services
(IIS) 5.0 software that ships with the operating system. Earlier versions
are not affected.
"Upgrade the patch before you read the bulletin
[ http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20NU30AI ],
" warns Scott Culp, a Microsoft security program manager. Culp says an
unchecked buffer in the services that support Internet printing capabilities
causes the vulnerability. He adds that users who turn off the printing
services are not vulnerable.
The extent of the vulnerability is severe. "There is virtually nothing a
malicious hacker couldn't do to an exploited system," Culp says. Microsoft
says it has distributed information about the vulnerability and started
contacting certain customers before the company released the patch at 1 p.m.
EDT Tuesday. A security software firm, eEye Digital Security, notified
Microsoft of the vulnerability 10 days earlier.
Gartner analyst John Pescatore says a large portion of Windows
2000 users probably have not turned off the affected services and
should either do so or install the patch immediately. Pescatore
says Microsoft made a critical error. "IIS has been a cancer on
Windows 2000," he says. "Including that code in the Windows 2000
base vs. it being a separate application was a huge mistake." -
George V. Hulme
For related stories, see:
Windows 2000 Security Represents A Quantum Leap
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20NU40AJ
Security: The Enemy Within
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20NU50AK
Microsoft Warns of Spoofed Certificates
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20NU60AL


*****************************************
Sponsored by PKWare, Inc.
Concerned about Email viruses? Do you use X.509v.3-based
Public Key Certificates and want to authenticate and detect
changes to any data file type? Use PKZIP Explorer to Compress and
Digitally Sign one or thousands of files. TRY IT NOW!
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20NC70A3
*****************************************

Copyright 2001 CMP Media. A service of InformationWeek.
You're subscribed as tlw@...
To change your E-mail address visit
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20Lzf0Ai
To unsubscribe, visit
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20Lzg0Aj
Did someone forward this to you? Get your own issue at
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20Lzh0Ak
Still not receiving your own FREE subscription to InformationWeek
magazine? Subscribe by going to
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20Lzi0Al
Read our privacy policy at
http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdWK70V20Mjh0AV
This message powered by FloNetwork
http://www.flonetwork.com