Update: :idea:

Upon a Interesting email this morning.

It is highly recommends that you update Win 2k. Whether you read this or not, I recommed a upgrade.

Here is the article:

- TOP STORIES -

** MS Warns Of Serious Vulnerability

Microsoft is warning that an "extremely serious" flaw in Windows
2000 could enable a cracker to control any system running
Internet Information Services (IIS) 5.0 software that ships with
the operating system. Earlier versions are not affected.

"Upgrade the patch before you read the bulletin
[http://update.informationweek.com/cgi-bin4/flo?y=eDaq0BdTCV0V20NU30Ac ],"
warns Scott Culp, a Microsoft security program manager. Culp says
an unchecked buffer in the services that support Internet
printing capabilities causes the vulnerability. He adds that
users who turn off the printing services are not vulnerable.

The extent of the vulnerability is severe. "There is virtually
nothing a malicious hacker couldn't do to an exploited system,"
Culp says. Microsoft says it has distributed information about
the vulnerability and started contacting certain customers before
the company released the patch at 1 p.m. EDT Tuesday. A security
software firm, eEye Digital Security, notified Microsoft of the
vulnerability 10 days earlier.

Gartner analyst John Pescatore says a large portion of Windows
2000 users probably have not turned off the affected services and
should either do so or install the patch immediately. Pescatore
says Microsoft made a critical error. "IIS has been a cancer on
Windows 2000," he says. "Including that code in the Windows 2000
base vs. it being a separate application was a huge mistake." -
George V. Hulme


As a person and a company we do like to report important info like this to help others out. We hope it helps make your windows enviroment a little more secure.

And as usual we can thank Bill for this, hopefully no one got hacked...

Joe

Well, I run Apache on 2000 so Im safe. Ive never liked IIS - :D

I like their sexual discriminations on this bulletin:

http://www.microsoft.com/technet/security/bulletin/MS01-023.asp

A security vulnerability results because the ISAPI extension contains an unchecked buffer in a section of code that handles input parameters. This could enable a remote attacker to conduct a buffer overrun attack and cause code of her choice to run on the server. Such code would run in the Local System security context. This would give the attacker complete control of the server, and would enable her to take virtually any action she chose.

i think they are proving a point that there ARE indeed female hackers out there, and this is more of a "Female" vulnerability :D

That's not uncommon at all - using female pronouns instead of reducing readability with "his/her" and so forth.

They might also simply be using female pronouns on every second publication, to balance things out.

Kevin

:D

What next? will they start to include what religion the person is attempting to break in?

:rolleyes:

Nothing personal, but posting a message with the subject "***IMPORTANT UPGRADE*** FOR Windows 2000" in the general web hosting forum seems like nothing less than spam to me. At the very least, it should have gone under the security forum, which would be much more suitable for this kind of thing. :mad:

The fact that you feel this is spam, is where theres a problem.

Maybe its in the wrong place, but this was done to help anyone who hasnt heard about it.

Theres no promotion, or anything other then doing my job and making others aware.

Its quite insulting you have the nerve to say that.

:angry:
Joe

Hey Joe calm down. We really aprreciate this piece of information. Thanks

Im calm, it was just a little insulting.

Its not like I do it for bad reasons, its just information and the more you know, the more you can prepare and innovate for tommorow.

Joe

OMG do you work for microsoft?

that is definitely the kind of spiel Bill-G would come out with :D