|
|
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Australia. --------------------------------------------------------------
|
Microsoft issues server vulnerability warning By Patrick Gray, 0 May 07, 2003 URL: http://www.zdnet.com.au/news/security/soa/Microsoft-issues-server-vulnerability-warning/0,130061744,120274288,00.htm
Two vulnerabilities have been found in Microsoft's Biztalk server software, the most serious of which could allow an attacker to fully compromise a targeted Biztalk server. Microsoft has release an advisory that details the scope of the vulnerabilities, which points out the severity of the more serious 'buffer overflow' glitch. "[The vulnerability] could provide the attacker with the ability to take any desired action on the machine, such as adding, deleting, or modifying data on the system, and creating or deleting user accounts," it says. Despite the seriousness of the vulnerabilities, Microsoft has not recommended the immediate application of a software patch that eradicates the security flaws, and has rated the issue as important, but not critical. "Systems administrators using Microsoft BizTalk should consider applying the patch," the advisory says. The less serious glitch is a 'SQL injection' vulnerability that may allow an attacker to execute malicious SQL statements. That problem has been rated as moderate. SQL injection vulnerabilities can lead to database statements being executed that may lead to loss and modification of data. The problems were found by security researcher Cesar Cerrudo, who reported the problems to Microsoft and worked with them to produce a fix.
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved. |
