l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
October 7: Social gathering
Next Installfest:
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2012 May 28 09:01

Reasons to Avoid Microsoft

[Bug] [Education] [Government] [Fear, Uncertainty, Doubt] [Security Hole] [MSN Hotmail] [MS Internet Explorer] [MS IIS Webserver] [MSN Instant Messenger] [License] [Linux/Open Source] [Monopoly] [MS Outlook] [Piracy] [Privacy] [Virus/Worm] [MS XBox] [MS Windows XP] [WOW!]
Show All

[MS IIS Webserver]

MS IIS Webserver

These pages are a compilation of links and quotes to news articles and others sources that might help convince you to switch to Linux.

    Warning: Missing argument 6 for item(), called in /var/www/lugod/microsoft/index.php on line 637 and defined in /var/www/lugod/microsoft/includes.php on line 38
  • ASP.NET Security Flaw Can Bypass Password (Netcraft, 2004.10.07)
    [MS IIS Webserver] [Security Hole] A security flaw in Microsoft's ASP.NET technology could allow intruders to enter password-protected areas of a web site by altering a URL. ... It also apparently allows authenticated users to bypass password protection on administrative areas of a site.

  • U.S., citing security concerns, steers consumers away from IE (EE Times, 2004.07.01)
    [MS Internet Explorer] [MS IIS Webserver] [Privacy] [Security Hole] [Government] [WOW!] The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft Corp.'s Internet Explorer. ... The particular virus initiated this week ... allows keystroke analysis of user information. The target is believed to be credit card numbers. CERT estimated that as many as tens of thousands of Web sites may [have been infected with the malicious code, via a vulnerability in Microsoft's 'Internet Information Services' webserver software].

  • Microsoft warns on IIS 5 and IE attack (vnunet, 2004.06.25)
    [MS Internet Explorer] [MS IIS Webserver] [Privacy] [Security Hole] [WOW!] Sites are appending JavaScript to the bottom of web pages that, when executed, attempts to access a file hosted on another server. 'This file may contain malicious code that can affect the end user's system. US-CERT is investigating the origin of the IIS 5 compromises and the impact of the code that is downloaded to end-user systems,' the organisation said.

  • New IIS exploit could be one of many (IDG, 2003.03.25)
    [Security Hole] [MS IIS Webserver] The vulnerability concerns an unchecked buffer in a core Windows 2000 component called ntdll.dll that is used to handle the [WebDav] extensions to HTTP. ... An attacker could use the vulnerability to ... [create] a denial of service (DOS) attack against ... or [execute] their own malicious code in the security context of the IIS service, giving them unfettered access to the vulnerable system...

  • Microsoft Warns Windows Users About Flaw (Seattle P.I., 2003.03.20)
    [Security Hole] [WOW!] [MS IIS Webserver] Microsoft Corp. on Wednesday warned about a serious flaw in all versions of its popular Windows software that could allow hackers to seize control of a person's computer when victims read e-mails or visit Web sites. ... It was particularly unusual because it affected so many different versions of Windows, from Windows 98 to its latest Windows XP editions.

  • U.S. military computer attacked (MSNBC, 2003.03.17)
    [Security Hole] [Government] [MS IIS Webserver] Another source told MSNBC.com that several Web sites with '.mil' domain names have recently been targeted with the same attack method. Microsoft's director of security assurance, Steve Lipner, confirmed that several customers were hit with the attack last week, but he refused to identify them. The flaw allows an attacker to break into computers running Microsoft's Windows 2000 operating system and Microsoft's Internet Information Service Web server product - probably the most popular configuration for Web servers running Microsoft software ... All machines are vulnerable by default.

  • Really critical hole in Microsoft Web software (The Register, 2002.11.21)
    [Security Hole] [MS Internet Explorer] [MS IIS Webserver] [WOW!] ust one day after raising the threshold beyond which it considers security vulnerabilities 'critical,' Microsoft Corp released a security advisory saying there is a 'critical' hole in its browsers and web servers that could cause serious problems, even if it is patched. ... 'This vulnerability is rated critical because an attacker could take over an IIS server or an Internet Explorer client and run code,' Microsoft warned. ... To make matters worse, it is currently possible to make patched systems vulnerable again, Microsoft said. A malicious attacker would be able to reintroduce the vulnerable control with just a specially [written] HTML document. Users that have their browsers configured to trust Microsoft-signed ActiveX controls by default would have the vulnerability reintroduced without their knowledge.

  • Microsoft FrontPage Susceptible To Major Security Flaws (InformationWeek, 2002.Sep.26)
    [MS IIS Webserver] [Security Hole] Critical flaw in FrontPage server extensions lets attackers seize control of Web servers or crash the system. Administrators barely had time to test and batch last week's round of critical Microsoft vulnerabilities before the company issued yet another critical warning.

  • FrontPage flaw places servers in jeopardy (CNet, 2002.Sep.25)
    [MS IIS Webserver] [Security Hole] Microsoft warned Web site administrators on Wednesday that a flaw in its FrontPage extensions could allow an attacker to take control of their servers or cause the computers to seize up. ... Despite launching its Trustworthy Computing initiative in January, the software giant has racked up more than 70 vulnerabilities outlined in 53 advisories this year.

  • MS security hole extravaganza (The Register, 2002.Jun.13)
    [Security Hole] [MS IIS Webserver] [MS Windows XP] [MSN Instant Messenger] [MS Internet Explorer] [WOW!] MS has been sitting on a number of security holes which it's decided to dump on us all at once. ... MS soft-pedals the severity in classic form, labeling this one "Moderate." But the eEye bulletin rightly points out that a target machine can be owned with a single session if the attacker knows what he's doing. ... Apparently, users had trusted the MS patch to fix their systems properly. Well it didn't... Apparently, the [previously reported Gopher exploit] is a bit worse than MS had originally thought, and affects not [just] IE...

  • Microsoft Discloses Software Flaw (Wired, 2002.Jun.12)
    [Security Hole] [MS IIS Webserver] Microsoft acknowledged a serious flaw Wednesday in its Internet server software that could allow sophisticated hackers to seize control of websites, steal information and use vulnerable computers to attack others online. ... it [is] impossible to know how many customers followed [advice to] shut off the [vulnerable] feature, which is turned on automatically the first time the software is installed.

  • Apache 2.0 Beats IIS at Its Own Game (eWeek, 2002.Apr.15)
    [MS IIS Webserver] [Security Hole] Enterprises last week had 11 more reasons to rethink using IIS: 10 new security holes in the Microsoft Web server and the arrival of Apache 2.0. ... When it comes to security, IIS doesn't come close to Apache. Apache's security track record is excellent, while IIS has taken hit after security hit. Just last week, Microsoft announced that 10 new security holes (several of which were serious buffer overruns) had been discovered in IIS.

  • Anti-Unix Web site back online (CNet, 2002.Apr.04)
    [MS IIS Webserver] [Fear, Uncertainty, Doubt] Although it's less than a week old, the site has received a great deal of attention, but probably not the kind that Microsoft and Unisys wanted. Early this week, it was discovered that the anti-Unix site ran on Web servers powered by FreeBSD, an open-source version of Unix ... The companies shifted the site over to Windows 2000 and Microsoft Internet Information Server on Tuesday, the same day the site went blank.

  • Microsoft's anti-Unix campaign backfires (The Register, 2002.Apr.03)
    [MS IIS Webserver] [Fear, Uncertainty, Doubt] A $30 million advertising campaign ... has turned into a public relations nightmare for [Microsoft and Unisys]. ... Embarrassed by the revelation that the promotional website was actually running [Unix] ..., sysadmins hurriedly switched the system over to a Windows/IIS combination. ... The campaign didn't name the evil from which users should flee [but hinted at Sun Microsystems] ... but the alternative on offer was to jump through a window, which literate readers will know as defenestration, a popular way of inviting kings to commit suicide in 17th century Europe. The 'jump to your death' route seems to be the path followed by the advertisers themselves, as the promotional website itself has performed some form of ritual suicide in its migration to Windows.

  • Hackers Deface Thousands Of Domains Parked At Verisign (Security Focus, 2002.Mar.20)
    [MS IIS Webserver] [Security Hole] A security breach Tuesday involving Verisign's Network Solutions unit disrupted potentially thousands of domain customers ... Attackers compromised a system that hosted thousands of 'parked' domains that had been registered through Network Solutions and were still under construction ... The system [was] running Microsoft's Internet Information Server (IIS) on Windows 2000.

  • FBI: Microsoft IIS most vulnerable (ZDNet Australia, 2001.Nov.8)
    [MS IIS Webserver] [Government] [Security Hole] [The] FBI found is that some problems are more widespread than others. 'This year it's Microsoft IIS,' Paller says, 'because it's so widespread and so easy to break into.' Adding to the problem is that so many installations aren't known to the companies that have them. Unfortunately for security managers, installations of Windows NT, Windows 2000, and Windows XP can also include a fully functional Web server that's created at the time the operating system is installed...

  • Researchers say Nimda set to propagate again (InfoWorld, 2001.Sep.27)
    [MS IIS Webserver] [Virus/Worm] 'We rechecked the code base to Nimda, and we found a code set that is supposed to respread Nimda through e-mail systems starting 10 days after machines were first infected'

  • Global Routing Instabilities during Code Red II and Nimda Worm Propagation (Renesys Corp, 2001.Sep.19)
    [Virus/Worm] [MS IIS Webserver] [MS Outlook] [We] have documented a compelling connection between global routing instability and the propagation phase of Microsoft worms such as Code Red and Nimda. Contrary to conventional wisdom, what were thought to be purely traffic-based denials of service in fact are seen to generate widespread end-to-end routing instability originating at the Internet's edge. ... The steep exponentially growth of the September 18 [Border Gateway Patrol] storm is aligned with the exponential spread of Nimda, the most virulent Microsoft worm seen to date. The Nimda worm exhibits extremely high scan rates, multiple attack modes generating very heavy traffic, and has been much more damaging that the July Code Red worm.

  • Nimda Worm Shows You Can't Always Patch Fast Enough (Gartner Group, 2001.Sep.19)
    [Virus/Worm] [MS IIS Webserver] [MS Outlook] Gartner recommends that enterprises hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors, such as iPlanet and Apache. ... they have much better security records than IIS ... [We remain] concerned that viruses and worms will continue to attack IIS until Microsoft has released a completely rewritten, thoroughly and publicly tested, new release of IIS. Sufficient operational testing should follow to ensure that the initial wave of security vulnerabilities every software product experiences has been uncovered and fixed. This move should include any Microsoft .NET Web services, which requires the use of IIS. [We belive] that this rewriting will not occur before year-end 2002.

  • Nimda: W32.nimda.a.mm (TruSecure, 2001.Sep.18)
    [MS IIS Webserver] [Virus/Worm] (...The rate of growth and spread [of this worm] is exceedingly rapid - significantly faster than any worm to date...) A new IIS worm is spreading rapidly. ... TruSecure believes that this worm will infect any IIS 4 and IIS 5 box with well known vulnerabilities. We believe that there are nearly 1Million such machines currently exposed to the Internet. ... Make sure any developer computing platforms are not running IIS of any version ... Disconnect mail from the Internet.

  • Code Rainbow Loose in the Wild (NewsBytes, 2001.Sep.18)
    [MS IIS Webserver] [Virus/Worm] While the worm is likely only to infect IIS systems, its probes are consuming resources and bandwidth of all types of Internet-connected devices, according to reports from administrators.

  • Code Red worm set to flood Internet (C|Net, 2001.Jul.19)
    [MS IIS Webserver] [Virus/Worm] The worm, which is thought to have compromised more than 15,000 English-language servers running Microsoft's Web server software, will cause every infected computer to flood the Whitehouse.gov address with data starting at 5 p.m. PDT... 'If this goes along what it's looking like, parts of the Net will go down,' [said an analyst].

  • IIS: Time to Just Say No (Security Portal, 2001.May.21)
    [MS IIS Webserver] [Security Hole] [WOW!] Last year, Microsoft issued 100 security bulletins, and as of 17 May 2001, has issued 27 this year. Many of these vulnerabilities are quite serious. If exploited they could cause overload conditions, crashes, denials of service, inflict significant damage to the system (e.g., web site defacement), or allow an unauthorized attacker to gain administrative control of the system. ... if any company is running IIS because a consulting firm recommended it, it's time to switch consulting firms.

  • Remote 'Root' Exploit in IIS 5.0 (Slashdot.org, 2001.May.02)
    [MS IIS Webserver] [Security Hole] This is a remote SYSTEM-level exploit in a popular webserver, in the wild, i.e., Danger Will Robinson. eEye says about a million servers will need to be patched; it may be more.

Last 3 Articles

Collection originally created by, donated to LUGOD by, and maintained by Bill Kendrick.

Microsoft, Internet Explorer, Outlook, IIS, XP, XBox, etc. are trademarks or registered trademarks of Microsoft.
Linux is a trademark of Linus Torvalds.
Most category icons created by Bill Kendrick.

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.