Microsoft FrontPage Susceptible To Major Security Flaws - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Microsoft FrontPage Susceptible To Major Security Flaws

Critical flaw in FrontPage server extensions lets attackers seize control of Web servers or crash the system

Administrators barely had time to test and batch last week's round of critical Microsoft vulnerabilities before the company issued yet another critical warning. In a new bulletin, Microsoft says there's a critical flaw in its FrontPage server extensions that lets attackers to seize control of Web servers or crash the system.

In Microsoft Security Bulletin MS02-053, the company warns users of FrontPage Server Extensions 2002 and 2000 that they are vulnerable and should patch immediately. Users of previous versions "may, or may not" be affected by these security defects, because earlier versions are no longer supported and haven't been tested for this vulnerability. The flaw is within Microsoft's SmartHTML Interpreter, which provides support for Web forms and dynamic content.

According to the advisory, issued late Wednesday, users running FrontPage Server extensions 2000 are susceptible to a denial-of-service attack. Because of the flaw, the attacker could cause most CPU usage to be consumed until the Web service is restarted. Those running extensions used in FrontPage 2002 face an even more damaging vulnerability: The way the flaw works in that version creates a buffer overrun, so attackers potentially could run applications of their choice and do whatever they wish on the server.

If the Web server is static, Microsoft says the IIS Lockdown Tool disables the SmartHTML Interpreter. FrontPage Server Extensions are installed by default on Internet Information Services versions 4.0, 5.0, and 5.1, but can be removed.

For patches and more information, Microsoft's bulletin MS02-53 can be found at www.microsoft.com/security.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Slideshows
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Can Low Code Measure Up to Tomorrow's Programming Demands?
Joao-Pierre S. Ruth, Senior Writer,  11/16/2020
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll