|30 Dec 2009||#1|
| || |
Results of Investigation into Holiday IIS Claim.
We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS.
What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.
The Microsoft Security Response Center (MSRC) : Results of Investigation into Holiday IIS Claim
|My System Specs|
|30 Dec 2009||#2|
| || |
December 28, SCMagazine – (International) New IIS flaw
Administrators following secure configuration best practices should not be at risk to a new, zero-day vulnerability in Microsoft’s Internet Information Services (IIS), according to the software giant. A senior security program manager at Microsoft said Sunday night in a blog post that the company is investigating reports of a flaw in the IIS web server but is unaware of any active attacks. He said that for an attack to occur, IIS must be in a “nondefault, unsafe configuration,” and anintruder would have to be authenticated with privileges to execute commands that do not
comply with Microsoft guidance. “Customers using out-of-the-box configurationsand who follow security best practices are at reduced risk of being impacted by issues like this,” he said. A handler posting on the SANS Internet Storm Center site said Sunday that administrators still must be careful because they could unknowingly be running a vulnerable web server due to a webmaster’s mistake.
Source: New IIS flaw deemed low risk in proper configurations - SC Magazine US
|My System Specs|
|Similar help and support threads for2: Results of Investigation into Holiday IIS Claim.|
|Charger can hack Apple devices with ‘alarming ease’, researchers claim||Security News|
|Power utilities claim 'daily' and 'constant' cyberattacks, says report||Security News|
|EU investigation of Microsoft over browser choice moves forward||News|
|Results of Investigation into Holiday IIS Claim||News|
|Malicious Emails Claim Facebook Passwords Were Reset.||Security News|
|Nearly (Seven) places not to go to on holiday.||Chillout Room|
|EVGA's BIG CLAIM||Hardware & Devices|