ad info




CNN.com
 MAIN PAGE
 WORLD
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
* TECHNOLOGY
   computing
   personal technology
 SPACE
 HEALTH
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 ARTS & STYLE
 NATURE
 IN-DEPTH
 ANALYSIS
 myCNN

 Headline News brief
 news quiz
 daily almanac

  MULTIMEDIA:
 video
 video archive
 audio
 multimedia showcase
 more services

  E-MAIL:
Subscribe to one of our news e-mail lists.
Enter your address:
Or:
Get a free e-mail account

 DISCUSSION:
 message boards
 chat
 feedback

  CNN WEB SITES:
CNN Websites
 AsiaNow
 En Español
 Em Português
 Svenska
 Norge
 Danmark
 Italian

 FASTER ACCESS:
 europe
 japan

 TIME INC. SITES:
 CNN NETWORKS:
Networks image
 more networks
 transcripts

 SITE INFO:
 help
 contents
 search
 ad info
 jobs

 WEB SERVICES:

COMPUTING

Microsoft issues fixes for Win2000 security holes

February 1, 2000
Web posted at: 8:58 a.m. EST (1358 GMT)

by Douglas F. Gray

From...
IDG.net
Image

(IDG) -- Microsoft managed to beat itself to the punch last week, issuing the first patches to fix security holes in the much delayed Windows 2000 operating system -- several weeks before its official release date.

Two security bugs were detected in Microsoft Index Server, search engine software found in both Windows NT and Windows 2000. The first could allow a malicious user to view, but not change, add or delete, files from a Web server, while the second could reveal the physical location of Web directories on the server, according to a security bulletin issued by Microsoft last week. The bulletin also said that the two glitches were unrelated except for the fact that they both were found in the Index Server.
  MESSAGE BOARD
Windows 2000
 

Windows 2000, Microsoft's new operating system for corporate users, is scheduled to be officially released on Feb. 17. Index Server is a tool designed to allow users to perform full-text, online searches via a Web browser. It was designed to search Word, PowerPoint and Excel documents as well as standard HTML (hypertext markup language) documents, according to information from Microsoft's Web site.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Make your PC work harder with these tips
  Top 10 utilities to keep around even after you upgrade Windows
  How to remove Windows 3.x/9x/NT/2000 and install Linux in its place
  First Windows 2000 virus detected

The first bug, or the Malformed Hit-Highlighting Argument "vulnerability," as Microsoft calls it, allows users to request information beyond their security access via a specific type of malformed request.

"It's highly possible that someone could take advantage of the vulnerability," said David Litchfield, security analyst at U.K.-based Cerberus Information Security, who originally spotted the bug. "But it depends on what the ultimate end of the attacker is," he noted. "If he's trying to look for sensitive files on the Web server. . . or view the source of active server pages, he can do that."

Microsoft's patch, which he has installed on his system, does eliminate the problem, Litchfield said.

More information regarding both security bugs, including the patches, can be found at Microsoft's homepage.


RELATED STORIES:
Microsoft combines Neptune, Odyssey into Whistler
January 27, 2000
Cutting the cost of Windows 2000 migration
January 26, 2000
Microsoft, Intel donation to help train 400,000 teachers
January 25, 2000
Some Windows 2000 PCs will jump the gun
January 19, 2000
Viruses boom on the Net
January 18, 2000
Windows 2000 virus: Stunt or preview?
January 17, 2000

RELATED IDG.net STORIES:
Top 10 utilities to keep around even after you upgrade Windows
(PC World Online)
How to remove Windows 3.x/9x/NT/2000 and install Linux in its place
(LinuxWorld)
First Windows 2000 virus detected
(NetworkWorld Fusion)
Installing Windows 2000 RC2
(NetworkWorld Fusion)
Microsoft vows security committment on Windows 2000
(NetworkWorld Fusion)
Survey reveals keys to cheaper Win 2000 migration
(NetworkWorld Fusion)
E-BusinessWorld
(IDG.net)
Year 2000 World
(IDG.net)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

RELATED SITES:
Microsoft's Homepage
Cerberus Information Security
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.