We're MS-approved, says FlyingPig CIO

Microsoft's own consultants have signed off the FlyingPig site on Windows NT security issues, says the online retailer's chief information officer.

Microsoft's own consultants have signed off the FlyingPig site on Windows NT security issues, says the online retailer's chief information officer.

Information received by @IDG has suggested that FlyingPig has not closed off a vulnerability that affects Microsoft Internet Information Server on Windows NT. Another Web site operator has also accused FlyingPig of harbouring security issues.

The hole allows the creation of a buffer overflow condition that can give a remote user control of the Web server. Peer Web Services are also affected. The weakness in IIS has been known about since June.

But FlyingPig CIO Phil Henderson says that as far as he has concerned, his site is not vulnerable.

"My network administrator assures me we're covered. The latest NT patches have all been applied. As far as I'm aware, we've updated everything and Microsoft consultants have come through and given us a big tick."

Information on the buffer overflow hole is at:

http://www.ntsecurity.net/scripts/loader.asp?iD=/security/htr.htm

An executable version of some code that demonstrates the exploit can be downloaded from:

http://www.ntsecurity.net/security/tools/iishack.exe

Join the newsletter!

Error: Please check your email address.
Show Comments

Market Place

[]