Spacer Sidebar Directory Map

The Training Book, the handbook for trainers

Training Express computer learning guides

 

ITrain - International Association of Information Technology Trainers

Microsoft IIS Security Hole

Users urged to install patch

ITINFO Sponsor

Professional Training Certification

Certification means more business.
Vendor-neutral certification means credibility.

If you're a trainer or an author of training materials, see if you've got the right stuff.

Get certified today.

Internet Poll
Have you attended a seminar via e-learning?
yes
no

poll archive

Microsoft Reports Serious IIS Vulnerability

by Dave Murphy
ISSN 1535-3613

Dave Murphy, DGL President & ITrain founder Microsoft urges all customers to take action immediately to install a patch to correct the security vulnerability in Microsoft Internet Information Server. Microsoft describes this IIS bug as "clearly, a serious vulnerability."

As part of its installation process, IIS installs several ISAPI extensions -- .dlls that provide extended functionality. Among these is idq.dll, which is a component of Index Server (known in Windows 2000 as Indexing Service) and provides support for administrative scripts (.ida files) and Internet Data Queries (.idq files).

A security vulnerability results because idq.dll contains an unchecked buffer in a section of code that handles input URLs. An attacker who could establish a web session with a server on which idq.dll is installed could conduct a buffer overrun attack and execute code on the web server. Idq.dll runs in the System context, so exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it.

Customers who cannot install the patch can protect their systems by removing the script mappings for .idq and .ida files via the Internet Services Manager in IIS. However, as discussed in detail in the FAQ, it is possible for these mappings to be automatically reinstated if additional system components are added or removed. Because of this, Microsoft recommends that all customers using IIS install the patch, even if the script mappings have been removed.

Dave's Opinion

This is a buffer overrun vulnerability. An attacker can use this vulnerability to gain complete control over a Microsoft web server. Once control is gained, the attacker could take any action on the server, including changing webpages, reformatting the hard drive or adding new users to the local administrators group.

If you're running MS IIS, install the patch immediately. Also, tell your clients about this security hole and help them install the patch, too.

Call for Comments

What do you think? Leave your comments on the message center.

References

Microsoft's Security Information
Message Center

Subscribe to ITINFO.
Receive computing and Internet news & tips
by subscribing to the ITINFO information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Damar Group, Ltd. helps business use technology.

ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.

ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at http://dgl.com/itinfo/.

updated June 19, 2001
http://dgl.com/itinfo/2001/it010619.html

Return to DGL homepage
Copyright © 2001, Damar Group, Ltd., All Rights Reserved