Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43434
  • Total Topics: 16528
  • Online today: 3080
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 3067
Total: 3069









Author Topic: Microsoft warns of new flaw in Internet Information Server  (Read 2315 times)

0 Members and 2 Guests are viewing this topic.

georgecloner

  • SCF VIP Member
  • *****
  • Posts: 171
  • KARMA: 16
  • Gender: Male

Web hosts encouraged to lock down server component

Microsoft has issued a security advisory about a new vulnerability in Windows Internet Information Server (IIS).

IIS is a component used primarily by Windows Server systems to provide web hosting services. It is also included in Windows XP Professional, as well as the Business, Enterprise and Ultimate editions of Windows Vista.

Microsoft said that the vulnerability could allow an attacker to gain elevated privileges on a targeted server, possibly allowing the attacker to access and edit data.

The flaw affects IIS versions 4.0, 5.0 and 6.0. The newest version, IIS 7.0, is not believed to be vulnerable. No active attacks targeting the flaw have been reported.

Microsoft said that the vulnerability is exposed when an attacker sends a specially-crafted HTTP request file to the targeted server. Once exploited, the attacker could bypass authentication requirements and access the system with anonymous account clearance.

The company noted that the vulnerability is limited to the extent to which administrators have set access for anonymous users. By limiting access and preventing write clearance for the accounts - a default setting for most IIS systems - the danger of attack can be mitigated.

Many IIS 6.0 users should also be protected, as the vulnerable WebDAV component is disabled in those systems by default.

Microsoft did not say when a fix for the vulnerability could be expected. The company's next scheduled security update is 9 June.

This is not the first time that vulnerabilities in IIS have gained attention. In 2001, the component was the main target of the Code Red and Code Blue worms.

{VNUNET}
Creativity is a mental and social process involving the generation of new ideas or concepts, or new associations of the creative mind between existing ideas or concepts.

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023