Microsoft Unleashes Batch Of Patches

IIS versions 4, 5, and 5.1 are vulnerable to what is known in security circles as a cross-site scripting attack, according to Microsoft. It's a sophisticated attack that requires the attacker to lure a Web surfer to visit a specially designed Web site and open a link. The request to open the link is sent to another IIS server, and that server can send a script that would run on the user's machine and make it vulnerable.

Other IIS patches take care of flaws that can result in a denial-of-service attack in IIS versions 4 and 5; a second denial-of-service flaw that affects both versions 4 and 5; and a buffer overflow vulnerability in version 5 that allows attackers to run code of their choice on vulnerable servers.

A patch for a flaw in Windows Media Services in Windows 2000 and NT 4.0 was also released on Wednesday.

All of the patches and more information about the security vulnerabilities are available at www.microsoft.com/security.

This story courtesy of InformationWeek.