Microsoft FrontPage Susceptible To Major Security Flaws - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Microsoft FrontPage Susceptible To Major Security Flaws

Critical flaw in FrontPage server extensions lets attackers seize control of Web servers or crash the system

Administrators barely had time to test and batch last week's round of critical Microsoft vulnerabilities before the company issued yet another critical warning. In a new bulletin, Microsoft says there's a critical flaw in its FrontPage server extensions that lets attackers to seize control of Web servers or crash the system.

In Microsoft Security Bulletin MS02-053, the company warns users of FrontPage Server Extensions 2002 and 2000 that they are vulnerable and should patch immediately. Users of previous versions "may, or may not" be affected by these security defects, because earlier versions are no longer supported and haven't been tested for this vulnerability. The flaw is within Microsoft's SmartHTML Interpreter, which provides support for Web forms and dynamic content.

According to the advisory, issued late Wednesday, users running FrontPage Server extensions 2000 are susceptible to a denial-of-service attack. Because of the flaw, the attacker could cause most CPU usage to be consumed until the Web service is restarted. Those running extensions used in FrontPage 2002 face an even more damaging vulnerability: The way the flaw works in that version creates a buffer overrun, so attackers potentially could run applications of their choice and do whatever they wish on the server.

If the Web server is static, Microsoft says the IIS Lockdown Tool disables the SmartHTML Interpreter. FrontPage Server Extensions are installed by default on Internet Information Services versions 4.0, 5.0, and 5.1, but can be removed.

For patches and more information, Microsoft's bulletin MS02-53 can be found at www.microsoft.com/security.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Commentary
IT Salary Report 2020: Get Paid What You Are Worth
Jessica Davis, Senior Editor, Enterprise Apps,  2/12/2020
Slideshows
10 Analytics and AI Startups You Should Know About
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/19/2020
News
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll