Microsoft Security Bulletin MS01-018 and Entrust's Role

11 Apr 2002

The Issue:
On Wednesday, April 10, 2002 Microsoft issued a security bulletin concerning the release of a cumulative patch for Internet Information Services. The patch is required by customers using IIS to operate a Web site on a computer running Microsoft Windows NT? 4.0; Windows 2000 or Windows XP Professional. Without the patch, the vulnerability could allow an attacker to take over these computers. The attacker could then do anything that customers can do including changing Web pages, installing and running software or reformatting the hard drive.

More information is available at:
http://www.microsoft.com/security/security_bulletins/ms02018_iis.asp (non-technical)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-018.asp (technical)

Entrust's Role:

Microsoft credited Entrust for its role in the identification and resolution of this issue by reporting the buffer overrun affecting the HTTP header handling.

The problem was identified in mid-March during rigorous testing of its latest release of Entrust TruePass software on IIS. Entrust notified Microsoft immediately and is pleased to see Microsoft act in a timely way to address the vulnerability and issue the patch.

Entrust customers represent the world's leading government and Global 2000 enterprises. The level of due diligence performed for Entrust product testing is extremely high. We are pleased to be able to share these results with vendors such as Microsoft to better protect customers worldwide.

Entrust TruePass is a key component of the Entrust Secure Web Portal Solution, offering organizations the comprehensive enhanced Internet security required to manage trusted relationships with partners, employees and customers through high value Web portals.

For more information about Entrust, visit www.entrust.com  or contact Carrie Bendzsa at 613-270-3455.