Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Results of Investigation into Holiday IIS Claim.

30 Dec 2009   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Results of Investigation into Holiday IIS Claim.

Quote:
We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS.
What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.
Source -
The Microsoft Security Response Center (MSRC) : Results of Investigation into Holiday IIS Claim


My System SpecsSystem Spec
.

30 Dec 2009   #2
reghakr

Windows 7 Pro & Vista Home Premium
 
 
December 28, SCMagazine – (International) New IIS flaw

UPDATE............again

Administrators following secure configuration best practices should not be at risk to a new, zero-day vulnerability in Microsoft’s Internet Information Services (IIS), according to the software giant. A senior security program manager at Microsoft said Sunday night in a blog post that the company is investigating reports of a flaw in the IIS web server but is unaware of any active attacks. He said that for an attack to occur, IIS must be in a “nondefault, unsafe configuration,” and anintruder would have to be authenticated with privileges to execute commands that do not
comply with Microsoft guidance. “Customers using out-of-the-box configurationsand who follow security best practices are at reduced risk of being impacted by issues like this,” he said. A handler posting on the SANS Internet Storm Center site said Sunday that administrators still must be careful because they could unknowingly be running a vulnerable web server due to a webmaster’s mistake.

More.........
Source: New IIS flaw deemed low risk in proper configurations - SC Magazine US
My System SpecsSystem Spec
Reply

 Results of Investigation into Holiday IIS Claim.




Thread Tools





Similar help and support threads
Thread Forum
PlayStation Network Suffers DDOS Attack, Hackers Claim To Have...
PlayStation Network Suffers DDOS Attack, Hackers Claim To Have Grounded SOE President’s Plane Source A Guy
Security News
Power utilities claim 'daily' and 'constant' cyberattacks, says report
Source A Guy
Security News
EU investigation of Microsoft over browser choice moves forward
Read more at source: EU investigation of Microsoft over browser choice moves forward: Report | ZDNet
News
Results of Investigation into Holiday IIS Claim
More...
News
Malicious Emails Claim Facebook Passwords Were Reset.
More - Malicious Emails Claim Facebook Passwords Were Reset - The attachments contain a computer trojan - Softpedia
Security News
EVGA's BIG CLAIM
EVGA X58 is the "Fastest System on Planet Earth" The EVGA X58 SLI is designed for the overclocking addict, but don't just take our word for it. Take a look at the Futuremark Hall of Fame where the EVGA X58 SLI Platform and EVGA GTX 280 have been awarded the "Fastest System on Planet Earth" with...
Hardware & Devices

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 17:57.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App