ITrain Homepage

Site Directory
Membership
Train-the-Trainer
Trainer Certification
Certified Training Materials
ITinfo E-zine
Responsible Training
White Papers
Trainer Resources
What's New
Speaking Engagements
Onsite Training
ITrain Gear



Popular Links
Speaking Engagements
Training Manuals
Certification
Train the Trainer
The Training Book
Technical Writing
Privacy Policy

Print this document

Google
Web ITrain.org

Microsoft IIS 5.0 Bug

Windows 2000 servers vulnerable to attack

ITinfo Sponsor

ERROR: Random File Unopenable

ERROR: Random File Unopenable

The random file, as specified in the $random_file perl variable was unopenable.

The file was not found on your file system. This means that it has either not been created or the path you have specified in $trrandom_file is incorrect.

Microsoft IIS 5.0 Opens Security Hole in Windows 2000

by Dave Murphy
ISSN 1535-3613

Dave Murphy, ITrain founder Microsoft Corp. confirmed today that their webserver, IIS 5.0, opens a security hole in Windows 2000 (W2k) servers. Both W2k Server and W2k Advanced Server are affected by the bug, and an security patch is available from Microsoft. W2k Datacenter Server is hardware specific and security patches may be available from the OEM (Original Equipment Manufacturer).

An ISAPI extension which implements the Internet Printing Protocol (IPP), is at the root of the problem. IPP is a neat feature of W2k that grants permission to submit print jobs via HTTP to another PC connected to the Internet.

The ISAPI extension contains an unchecked buffer which enables a remote attacker to create a buffer overrun. The attacker can then submit code which would run in the Local System security context. By gaining Local System privileges, an attacker can gain complete control over a server, with the ability to load and execute any program; add, change or delete any data, including webpages; execute system commands; reconfigure the system; add new users or delete existing ones; and reformat the hard drive.

Microsoft recognizes the seriousness of this vulnerability and strongly recommends that all IIS 5.0 administrators to install the patch immediately.

Microsoft also confirms that a firewall does not protect the network against intrusion in this case. Internet Printing operates over HTTP or HTTPS as part of a web session. As long as an attacker can start a web session with an affected server, that server is vulnerable.

Call for Comments

What do you think? Leave your comments on the message center.

References

Microsoft Security Bulletin
Message Center

Subscribe to ITinfo.
Receive computing and Internet news & tips
by subscribing to the ITinfo information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Previous issues are on our website at http://itrain.org/itinfo/.

International Association of Information Technology Trainers
PMB 616
6030-M Marshalee Dr
Elkridge, MD 21075-5987

410.567.5366
1.888.290.6200
fax: 801.650.0423
Membership Director: member@itrain.org

Return to ITrain Homepage

Copyright © 2001 International Association of Information Technology Trainers, Ltd., All Rights Reserved

http://itrain.org/itinfo/2001/it010501.html
updated May 1, 2001