23 Apr 2002
Cisco has said that a vulnerability in Microsoft's Internet Information Server (IIS) tool has affected a number of its products.
The flaw, which is in Microsoft's software, rather than Cisco's products, is said to affect a number of applications including Cisco CallManager 3.0, Email Manager and Intelligent Contact Manager. A full list of affected products is available here.
Problems with IIS can allow attackers to execute rogue code, view or modify the operating system and perform denial of service attacks.
Microsoft highlighted the vulnerability in a security bulletin on 10 April and issued a patch for Windows NT 4.0, 2000 and XP.
Cisco is offering free software updates to address the vulnerabilities. Access to upgrades is through support plans with Cisco or third parties.
Paul King, Cisco's security consultant, explained that the company cannot "give away numbers in terms of how many installed bases have been affected". But he admitted that the security problem is not critical.
"Systems administrators will be aware that they must keep their software maintenance up to date," he said. "I am not trying to trivialise the issue.
"It is a very real security risk but, if systems administrators are doing their job properly, they should be well aware of what they need to do."
Although Microsoft issued a public notice about the problems on its website on 10 April, Cisco waited until last week to put a notice up about the problem on its site because "we needed to double check all our products".
He maintained that the software update should "not take long to download. It is only an 800Kb file, not tens of megabytes."
Iain Stevenson, research director at the Next Generation Networks Group at analyst Ovum, said: "The range of products affected is mostly in the voice over IP and unified messaging families dealing with network management activities, but not from a customer-facing point of view.
"It is a very small proportion of the things Cisco makes."
He explained that the problem is an "embarrassment" for Cisco, but pointed out that in a "cosy relationship with Microsoft, it must take the rough with the smooth".
"To say that every software administrator should track these sorts of problems is an old argument," added Stevenson. "When did you last meet one that kept everything up to date?"