SCF Advanced Search



Members
Stats
  • Total Posts: 37719
  • Total Topics: 12401
  • Online Today: 1650
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)











Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: georgecloner
« on: 20. May 2009., 17:00:17 »


Web hosts encouraged to lock down server component

Microsoft has issued a security advisory about a new vulnerability in Windows Internet Information Server (IIS).

IIS is a component used primarily by Windows Server systems to provide web hosting services. It is also included in Windows XP Professional, as well as the Business, Enterprise and Ultimate editions of Windows Vista.

Microsoft said that the vulnerability could allow an attacker to gain elevated privileges on a targeted server, possibly allowing the attacker to access and edit data.

The flaw affects IIS versions 4.0, 5.0 and 6.0. The newest version, IIS 7.0, is not believed to be vulnerable. No active attacks targeting the flaw have been reported.

Microsoft said that the vulnerability is exposed when an attacker sends a specially-crafted HTTP request file to the targeted server. Once exploited, the attacker could bypass authentication requirements and access the system with anonymous account clearance.

The company noted that the vulnerability is limited to the extent to which administrators have set access for anonymous users. By limiting access and preventing write clearance for the accounts - a default setting for most IIS systems - the danger of attack can be mitigated.

Many IIS 6.0 users should also be protected, as the vulnerable WebDAV component is disabled in those systems by default.

Microsoft did not say when a fix for the vulnerability could be expected. The company's next scheduled security update is 9 June.

This is not the first time that vulnerabilities in IIS have gained attention. In 2001, the component was the main target of the Code Red and Code Blue worms.

{VNUNET}

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising