Microsoft patches IIS and Windows Media Services


Microsoft patches IIS and Windows Media Services

Microsoft has released two security bulletins warning of security holes in its web server software and in Windows Media Services, which affect various versions of the Windows operating system.

The company released a cumulative patch for its IIS (Internet Information Services or Internet Information Server) web server software, a component of Windows NT 4.0, Window 2000 and Windows XP.

The patch includes earlier patches for the web server as well as four new fixes, Microsoft said in Bulletin MS03-018. The bulletin and patch can be found at

The IIS patches have a variety of severity ratings. Most serious is a denial-of-service vulnerability that could allow an attacker to cause IIS versions 5.0 and 5.1 to fail. The cumulative patch is for IIS versions 4.0, 5.0 and 5.1 and is rated "important" by Microsoft.

The second bulletin released yesterday (Wednesday) addresses a flaw in Windows Media Services, software for streaming media over a network. It affects Windows NT 4.0 and Windows 2000.

The flaw involves the way the software handles incoming requests. Exploiting that flaw could cause IIS on the affected system to stop handling Internet requests, Microsoft said in Bulletin MS03-019. The bulletin and patch can be found at

Windows Media Services is included with Windows 2000 but not installed by default. It is a downloadable option on Windows NT 4.0, Microsoft said. It has rated this flaw "moderate".

Microsoft has a four-tiered system for rating security issues. Under the system, only vulnerabilities that could be exploited to allow malicious internet worms to spread without user action are rated critical.

Issues that are rated important could still expose user data or threaten system resources. Vulnerabilities rated moderate are hard to exploit because of factors such as default configuration or auditing, or difficulty of exploitation.

Joris Evers writes for IDG News Service

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy