Microsoft patches up IIS, Windows Media Services

Microsoft Corp. released two security bulletins on Wednesday, warning of security holes in its Web server software and in Windows Media Services affecting various versions of the Windows operating system.

The Redmond, Wash., vendor released a cumulative patch for its Internet Information Services or Internet Information Server (IIS) Web server software, a component of Windows NT 4.0, Windows 2000 and Windows XP. The patch includes earlier patches for the Web server as well as four new fixes, Microsoft said in Bulletin MS03-018. The bulletin and patch can be found at www.microsoft.com/technet/security/bulletin/MS03-018.asp.

The IIS flaws newly patched in bulletin MS03-018 have various severity ratings. Most serious, according to Microsoft, is a denial of service vulnerability that could allow an attacker to cause IIS versions 5.0 and 5.1 to fail. The cumulative patch is for IIS versions 4.0, 5.0 and 5.1 and is rated “important” by Microsoft.

The second bulletin released Wednesday addresses a flaw in Windows Media Services, software for streaming media over a network. It affects Windows NT 4.0 and Windows 2000. The flaw involves the way the software handles incoming requests. Exploiting that flaw could cause IIS on the affected system to stop handling Internet requests, Microsoft said in Bulletin MS03-019. The bulletin and patch can be found at www.microsoft.com/technet/security/bulletin/MS03-019.asp.

Windows Media Services is included with Windows 2000 but not installed by default. It is a downloadable option on Windows NT 4.0, Microsoft said. This flaw is rated “moderate” by Microsoft.

Microsoft has a four-tiered system for rating security issues. Under the system, only vulnerabilities that could be exploited to allow malicious Internet worms to spread without user action are rated critical. Issues that are rated important could still expose user data or threaten system resources. Vulnerabilities rated moderate are hard to exploit because of factors such as default configuration or auditing, or difficulty of exploitation.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now