Widespread Microsoft critical security hole

Author
Aron Schatz
Posted
November 20, 2002
Views
1433
Tags Bugs

Page All:

Page 1
Microsoft has deemed a new hole critical. If you are running IIS (Why would you?), you should seriously consider moving to Linux.

Quote

The flaw affects IIS Web servers using the Microsoft Data Access Component (MDAC) to talk to a database. Servers running the latest software, MDAC 2.7, are free from the security hole, as are servers on which an administrator has run the IIS Lockdown Tool, an application that helps secure systems.

Windows computers, except those running Windows XP, are also vulnerable if Internet Explorer 5.01, 5.5 and 6 are present, as they also use the data access component. However, attacks on such systems are harder to accomplish, Terwoerds said. Outlook Express 6 and Outlook 2000 are immune to attack in their default configurations, and other versions of the mail client can be made safe by using the Outlook E-mail Security Update, she said.

Title

Medium Image View Large