Spacer Sidebar Directory Map

The Training Book, the handbook for trainers

Training Express computer learning guides

 

ITrain - International Association of Information Technology Trainers

Bug Hits Microsoft Webservers

Security hole opens all files to everyone

ITINFO Sponsor

Certification Required.

Trainers need certification to get ahead. Professionalization and certification open doors to greater training opportunities and higher earnings.

The first step to PTT certification is to successfully complete the Train the Trainer Advanced Seminar & Conference. This 2-day event will hone your training skills beyond what you may have imagined possible. And it makes you eligible to apply for Professional Technical Trainer certification.

The seminars are offered at least once each month. Register now, get professionalized, and get ahead.

Seminar details
Certification details

Internet Poll
Have you attended a seminar via e-learning?
yes
no

poll archive

Microsoft Webservers Laid Open For All To See

by Dave Murphy
ISSN 1535-3613

Dave Murphy, DGL President & ITrain founder Microsoft is scrambling to repair damage caused by a security hole in its IIS 4 & 5 webserver that runs on Windows NT/2000. Microsoft claims over four million IIS websites, and each one of them is at risk of releasing sensitive data through the security hole. Called the "Web Server Folder Traversal" error, the flaw allows users to execute files on an IIS website by requesting a specific web address. Microsoft released a bulletin about the problem Tuesday, urging customers to patch their systems.

The bug allows access to any file on the webserver via a specified URL. Like all webservers, IIS is supposed to prevent access to files that aren't intended to be part of the website.

Microsoft has released a patch that will close the security hole. IIS webmasters may download and install the patch from Microsoft's Security Bulletin site.

Call for Comments

What do you think? Leave your comments on the message center.

References

Microsoft Security Bulletins
Message Center

Subscribe to ITINFO.
Receive computing and Internet news & tips
by subscribing to the ITINFO information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Damar Group, Ltd. helps business use technology.

ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.

ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at http://dgl.com/itinfo/.

updated October 17, 2000
http://dgl.com/itinfo/2000/it001017.html

Return to DGL homepage
Copyright © 2000, Damar Group, Ltd., All Rights Reserved