Windows Users Threatened by IIS, IE, Messenger Flaws

Microsoft on Wednesday admitted to three serious new security vulnerabilities, one of which could allow attackers to seize control of Web sites utilizing Internet Information Services (IIS), the company's Web server. IIS currently runs over one-third of

Paul Thurrott

June 12, 2002

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Microsoft on Wednesday admitted to three serious new security vulnerabilities, one of which could allow attackers to seize control of Web sites utilizing Internet Information Services (IIS), the company's Web server.  IIS currently runs over one-third of all Web sites on the Internet, though it has a larger percentage of the market for corporate Web sites. Microsoft has issued a patch for this vulnerability, which affects the IIS versions in Windows NT and 2000, but not XP.

Two other vulnerabilities affect Microsoft's Internet Explorer (IE) and MSN Messenger applications; both are described as "critical." The IE vulnerability, which was announced last week, but was recently found to be more serious than initially expected, affects versions 5.01, 5.5, and 6.0 of the product, as well as Proxy Server 2.0 and ISA Server 2000. The MSN Messenger vulnerability is actually fixed by a patch that was released in May, but could allow attackers to run programs on the user's PC. This vulnerability also affects MSN Chat and Exchange Messenger.

End users can upgrade MSN Messenger through Auto Update or Windows Update. For server-based patches, please refer to the Microsoft Security Web site.

About the Author

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like