Potential security risk dogs IIS/NT

Microsoft started sending out email this week to its customers regarding a potential security risk in its Internet Information Server (IIS) 4.0 Web server. The problem exists only on those systems that use SQL Server and have upgraded to the latest Remote Data Service (RDS) software: The bug allows an unscrupulous developer with access to a SQL Server address, the name of a table in a database at that address, and a password to that server, to change data in the database. Frankly, I don't see much of a problem with that, since that's the sort of information you'd need to access the database legitimately, but Microsoft says it can be a problem if you don't have a secure system with sound security policies. For more information, check out Microsoft Security Bulletin MS98-004

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.