Microsoft patches IIS and Windows Media Services

Microsoft has released two security bulletins warning of security holes in its web server software and in Windows Media Services,...

Microsoft has released two security bulletins warning of security holes in its web server software and in Windows Media Services, which affect various versions of the Windows operating system.

The company released a cumulative patch for its IIS (Internet Information Services or Internet Information Server) web server software, a component of Windows NT 4.0, Window 2000 and Windows XP.

The patch includes earlier patches for the web server as well as four new fixes, Microsoft said in Bulletin MS03-018. The bulletin and patch can be found at

The IIS patches have a variety of severity ratings. Most serious is a denial-of-service vulnerability that could allow an attacker to cause IIS versions 5.0 and 5.1 to fail. The cumulative patch is for IIS versions 4.0, 5.0 and 5.1 and is rated "important" by Microsoft.

The second bulletin released yesterday (Wednesday) addresses a flaw in Windows Media Services, software for streaming media over a network. It affects Windows NT 4.0 and Windows 2000.

The flaw involves the way the software handles incoming requests. Exploiting that flaw could cause IIS on the affected system to stop handling Internet requests, Microsoft said in Bulletin MS03-019. The bulletin and patch can be found at

Windows Media Services is included with Windows 2000 but not installed by default. It is a downloadable option on Windows NT 4.0, Microsoft said. It has rated this flaw "moderate".

Microsoft has a four-tiered system for rating security issues. Under the system, only vulnerabilities that could be exploited to allow malicious internet worms to spread without user action are rated critical.

Issues that are rated important could still expose user data or threaten system resources. Vulnerabilities rated moderate are hard to exploit because of factors such as default configuration or auditing, or difficulty of exploitation.

Joris Evers writes for IDG News Service



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...