MICROSOFT RELEASED A patch Wednesday that fixes 10 security flaws in various versions of the Web server component of Windows NT 4.0, Windows 2000 and Windows XP.

   ADVERTISEMENT
  

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Dell

Free IT resource

TechNet: More ways to know it, share it, and keep it running.

Sponsored by Microsoft

RELATED LINKS
»  IE 7 bug reopens debate over patch responsibilities
»  Woman ordered to pay for file-sharing will appeal
»  McAfee to buy SafeBoot for $350M
»  Security RSS feed 

IDG ENTERPRISE NETWORK
Research Reports  (CIO)
Ask the Expert  (CIO)

TOP NEWS 


IT SOLUTION SEARCH
The most serious of the flaws could allow an attacker to take over a user's system, moving Microsoft to label the cumulative patch "critical" and to urge all customers hosting Web sites using the affected software to install the patch immediately.

Affected are Microsoft's Internet Information Server (IIS) 4.0, IIS 5.0 and IIS 5.1, Microsoft said. IIS 4.0 is part of the Windows NT 4.0 Option Pack, IIS 5.0 ships as part of Windows 2000 Datacenter Server, Advanced Server and Professional, and IIS 5.1 is part of Windows XP Professional, according to Microsoft.

Microsoft said it found two of the flaws itself, possibly as part of the effort to clean up its code. The software maker thanks various security vendors and experts for reporting the other vulnerabilities.

The cumulative patch, besides plugging the new holes, also fixes all of the vulnerabilities patched for IIS 4.0 since Windows NT 4.0 Service Pack 6a and all vulnerabilities patched to date for IIS 5.0 and 5.1. System administrators are cautioned to read the caveats section in Microsoft security bulletin MS02-018 before applying the patch.

More information on the security vulnerabilities and the patches can be found at: http://www.microsoft.com/technet/security/bulletin/MS02-018.asp