[ISN] FrontPage Flaw Shows Security Still Challenges Microsoft

From: InfoSec News (isnat_private)
Date: Thu Oct 03 2002 - 00:18:56 PDT

  • Next message: InfoSec News: "[ISN] Handhelds seen empowering officers, security personnel"

    [Check out Gartner's forcast on when Microsoft will really 
    be on the path to "Trustworthy Computing" We're doomed!  - WK] 
    27 September 2002 
    Rich Mogull  
    A new security flaw in FrontPage Server Extensions shows that 
    Microsoft has a long way to go before it can deliver on its 
    much-publicized promise of Trustworthy Computing.
    Analyst Comments 
    On 25 September 2002, Microsoft acknowledged that hackers could 
    exploit a flaw in FrontPage Server Extensions 2000 to cause a 
    denial-of-service attack or possibly run arbitrary code on the server. 
    The latest vulnerability is nothing new - FrontPage Server Extensions 
    have long been a security risk - but it does indicate that security 
    remains a serious problem at Microsoft. Gartner forecasts that, due to 
    legacy code and resistance to cultural change, Microsoft will not 
    deliver necessary security improvements before 2004 (see "Microsoft 
    Takes Steps Toward Business-Strength Security" [1]).
    [1] http://www3.gartner.com/DisplayDocument?doc_cd=105525
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Oct 03 2002 - 02:58:52 PDT