|25 Dec 2009||#1|
| || |
Microsoft IIS vuln leaves users open to remote attack.
A researcher has identified a vulnerability in the most recent version of Microsoft's Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.
The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension ".asp." By appending ";.jpg" or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.
There appears to be some disagreement over the severity of the bug, which Dalili said affects all versions of IIS. While he rated it "highly critical," vulnerability tracker Secunia classified it as "less critical," which is only the second notch on its five-tier severity rating scale.
Microsoft IIS vuln leaves users open to remote attack ? The Register
|My System Specs|
|Similar help and support threads for2: Microsoft IIS vuln leaves users open to remote attack.|
|Outlook.com outage leaves users locked out of accounts||News|
|Windows head Steven Sinofsky leaves Microsoft||News|
|Microsoft Urges Users to Shut Down Windows Gadgets or Risk Attack||Security News|
|Microsoft Urges Users To Patch Critical Remote Desktop Vulnerability||Security News|
|Reading the Microsoft advertising tea leaves for 2010.||News|
|WoW - authenticator users come under attack.||Gaming|
|Adobe Reader vuln hit with unusually advanced attack.||Security News|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 10:17 PM.