Microsoft probes IIS server flaw
By Stuart Turton
Posted on 2 Sep 2009 at 08:41
Microsoft has confirmed it's investigating a critical vulnerability in Internet Information Services (IIS) server, after a hacker posted exploit code to the milw0rm.com site.
The exploit targets a flaw in the File Transfer Protocol (FTP) software used by IIS versions 5 and 6 to transfer large files. As Microsoft notes, this means that anybody running IIS 7 is safe.
The company was also keen to note that it is unaware of any active attacks, and that in order for an attack to be succesful users would have to enable anonymous write access to the FTP server - something disabled by default.
"Microsoft is currently working to develop a security update for this issue to address this vulnerability and will release it once it has reached an appropriate level of quality for broad distribution," says Microsoft in its security advisory.
The company did not say what form this update would take, though it could be released as part of this month's Patch Tuesday cycle, or released as an out-of-cycle update, though these are rare and usually restricted to flaws affecting the latest versions of Microsoft software.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
