Microsoft BizTalk Preview; Component Vulnerability; Escape Characters Vulnerability

Microsoft Releases Biztalk Server Technology Preview
In a previous issue, I wrote regarding BizTalk and XML. I mentioned that Microsoft's BizTalk server was in the alpha stages and should be ready for beta release this summer. Well, in the interim, Microsoft has released a technology preview of the new BizTalk Server 2000. It's not quite beta yet, but it's worth a look to see Microsoft's direction. Microsoft still promises a beta version this summer and general availability in the fall.

Link View Server-Side Component Vulnerability
On April 14, reports circulated about a vulnerability in dvwssr.dll, a component included in some IIS installations. This DLL suffers from a buffer overflow vulnerability that can let some users who already have Web-authoring permissions view on the same machine other files for which they don't have permissions. Microsoft has released a workaround \[\] that instructs administrators to simply remove the DLL.

Myriad Escape Characters Vulnerability
Earlier this month, Microsoft released a patch for IIS that fixes a potential Denial of Service (DoS) attack. If a malicious user sends a Web server a log URL filled with escape character sequences, including special characters such as the space symbol (%20), it could needlessly tie up the CPU, creating a DoS condition.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.