Microsoft BizTalk Preview; Component Vulnerability; Escape Characters Vulnerability
In this issue of Keeping Up with IIS, read about the new preview of Microsoft's BizTalk server, a link view server-side component vulnerability, and a myriad escape characters vulnerability.
April 24, 2000
Microsoft Releases Biztalk Server Technology Preview
In a previous issue, I wrote regarding BizTalk and XML. I mentioned that Microsoft's BizTalk server was in the alpha stages and should be ready for beta release this summer. Well, in the interim, Microsoft has released a technology preview of the new BizTalk Server 2000. It's not quite beta yet, but it's worth a look to see Microsoft's direction. Microsoft still promises a beta version this summer and general availability in the fall.
Link View Server-Side Component Vulnerability
On April 14, reports circulated about a vulnerability in dvwssr.dll, a component included in some IIS installations. This DLL suffers from a buffer overflow vulnerability that can let some users who already have Web-authoring permissions view other files on the same machine for which they don't have permissions. Microsoft has released a workaround [http://www.microsoft.com/technet/security/bulletin/ms00-025.asp] that instructs administrators to simply remove the DLL.
Myriad Escape Characters Vulnerability
Earlier this month, Microsoft released a patch for IIS that fixes a potential Denial of Service (DoS) attack. If a malicious user sends a Web server a long URL filled with escape character sequences, including special characters such as the space symbol (%20), the request could needlessly tie up the server's CPU, creating a DoS condition.
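A defender-side check for the request pattern described above, as an added example that is not part of the original article or of Microsoft's patch: it scans Web server log lines and flags URLs dominated by escape sequences. The log field layout, the thresholds, and the sample lines are assumptions constructed for illustration.

```python
import re

# One %XX escape sequence (two hex digits), e.g. %20 for a space
ESCAPE_RE = re.compile(r"%[0-9A-Fa-f]{2}")

# Assumed thresholds for this example; tune them against your own traffic.
MAX_ESCAPES = 64         # absolute number of escapes allowed in one URL
MAX_ESCAPE_RATIO = 0.5   # share of URL characters that belong to escapes
MIN_LEN_FOR_RATIO = 60   # short URLs are not judged by ratio

def escape_stats(url):
    """Return (escape_count, fraction of URL characters inside escapes)."""
    count = len(ESCAPE_RE.findall(url))
    ratio = (count * 3) / len(url) if url else 0.0
    return count, ratio

def is_suspicious(url):
    """True when a URL carries far more escapes than normal content needs."""
    count, ratio = escape_stats(url)
    if count > MAX_ESCAPES:
        return True
    return len(url) >= MIN_LEN_FOR_RATIO and ratio > MAX_ESCAPE_RATIO

def scan_log(lines, ip_field=2, uri_field=4):
    """Yield (client_ip, escape_count, url_length) for each flagged request.
    Assumed layout: date time c-ip cs-method cs-uri-stem sc-status
    """
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) <= uri_field:
            continue  # skip directives and malformed lines
        url = fields[uri_field]
        if is_suspicious(url):
            yield fields[ip_field], escape_stats(url)[0], len(url)

# Constructed sample log lines (documentation-range IP addresses)
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2000-04-20 10:01:02 192.0.2.10 GET /docs/My%20Report.htm 200",
    "2000-04-20 10:01:05 192.0.2.11 GET /default.asp 200",
    "2000-04-20 10:01:09 198.51.100.7 GET /" + "%20" * 500 + " 404",
    "2000-04-20 10:01:12 192.0.2.12 GET /a%20b%20c%20d.htm 200",
]

if __name__ == "__main__":
    for ip, count, length in scan_log(SAMPLE_LOG):
        print(f"{ip}: {count} escapes in a {length}-character URL")
```

Ordinary escaped URLs, such as a file name containing a space, pass untouched; only the request made almost entirely of escapes is reported.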