Sunday, May 9, 2021

Microsoft Patches ‘Critical’ Vulnerability

Microsoft Corp. on Thursday called a newly discovered vulnerability in its Content Management Server 2001 ‘critical’ and issued a patch that will correct it and two other vulnerabilities in the Web site building and maintenance product.

The company is recommending that administrators apply the patch immediately.

The worst vulnerability lies in the software’s user authentication function, according to Microsoft. At least one page included with the default Web server would allow a hacker to overrun the buffer, giving him control of the system the software is running on.

The scope of the vulnerability could be significantly reduced if the URL scan tool was deployed on the server. It is likely that in this case, the vulnerability could only be used for denial of service attacks.

The second vulnerability found in Content Management Server 2001 sits in the Web authoring feature. An attack could exploit the vulnerability to upload a program to the Web server and execute it. This wouldn’t give the attacker full control of the program, but it would give her a foothold to move forward from.

The third vulnerability lies in the software’s database feature, and allows an attacker to take any action on the database and run some operating system commands, as well. However, it would not give the attacker any administrative privileges on the server.

Similar articles

Latest Articles

Top 10 Professional Services...

These are some of the best PSA tools for organizations of all sizes. What Is Professional Services Automation Software? Professional services automation (PSA) software aims to...

What is Data Aggregation?

Data aggregation is the process where raw data is gathered and presented in a summarized format for statistical analysis. The data may be gathered...

Dell APEX: Our...

One of the missteps IBM made last century was collapsing their sales model, which was services based, to generate a short-term revenue spike. Up...

Companies that Scaled Technology...

NEW YORK — Companies that “doubled down” on their investment in mostly data-heavy technology during the COVID-19 pandemic have seen their revenue grow five...