Windows Security Update - A new denial of service attack has been found in IIS 4.0 and 5.0. Sending IIS a specially coded URL that contains an excessive number of escape characters causes the service to perform more work than necessary, which reduces available processor cycles.
April 12, 2000 - Vanja Hrustic reported a problem with IIS 4.0 and 5.0
that could allow minor temporary denial of service attacks to be launched
against its Web services. Sending IIS a specially coded URL that
contains an excessive number of escape characters causes the service
to perform more work than necessary, which can temporarily reduce
available processor cycles.
Microsoft has released patches for IIS as well as a FAQ. An
associated Support Online article was not available at the time of this writing.
For complete details on this risk, please visit the URL below:
* Excessive Escape Chars Can Slow IIS
http://www.ntsecurity.net/go/load.asp?iD=/security/iis4-8.htm
Sincerely,
The Security UPDATE Team
security@ntsecurity.net
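For administrators who want to check their own Web logs for requests of the kind described above, here is an added example (not part of the original newsletter and not Microsoft's code). It assumes a W3C extended format log that records the URL still escaped as the client sent it; the threshold of 50 escape characters and the sample log lines are constructed for illustration, since the advisory does not say how many escapes are "excessive".

```python
from collections import Counter

# Assumed threshold: the advisory gives no number for "excessive".
MAX_ESCAPES = 50

# Constructed sample log (documentation IP ranges, not real traffic).
_LONG = "%41" * 200
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Server 4.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2000-04-12 10:00:01 192.0.2.10 GET /default.asp - 200",
    "2000-04-12 10:00:02 192.0.2.10 GET /docs/My%20File.htm - 200",
    "2000-04-12 10:00:03 198.51.100.7 GET /" + _LONG + " - 404",
    "2000-04-12 10:00:04 198.51.100.7 GET /a.asp q=" + _LONG + " 200",
])

def count_escapes(url):
    """Count '%' escape characters, well-formed or not."""
    return url.count("%")

def scan(log_text, max_escapes=MAX_ESCAPES):
    """Return (client_ip, escape_count, url_length) for each suspicious request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order varies per server, so read it from the header.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        url = row.get("cs-uri-stem", "")
        query = row.get("cs-uri-query", "-")
        if query != "-":          # "-" means the field was empty
            url += "?" + query
        n = count_escapes(url)
        if n > max_escapes:
            hits.append((row.get("c-ip", "?"), n, len(url)))
    return hits

def by_client(hits):
    """Aggregate suspicious requests per client address."""
    return Counter(ip for ip, _, _ in hits)

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, n, length in found:
        print(f"{ip}: {n} escapes in a {length}-byte URL")
    print(dict(by_client(found)))
```

Correlating the flagged timestamps with CPU utilization on the server helps separate the slowdown described here from ordinary heavily encoded URLs.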
Copyright 2000, Windows 2000 Magazine