Microsoft reports attacks using IIS vulnerability

    Microsoft reports attacks using IIS vulnerability


    Posted: 05 Sep 2009
    Microsoft reports attacks using IIS vulnerability


    A vulnerability in Microsoft's software for housing Web sites is now being used for "limited attacks" on the servers it's running on, the company said Friday.
    Microsoft disclosed the Internet Information Services (IIS) vulnerability on Monday and said Friday it's still working on a security update to fix the problem. In the meantime, the advisory has instructions for a workaround, including disabling various elements of the vulnerable FTP (File Transfer Protocol) service to upload and download files.
    According to the advisory, the vulnerability could let somebody run arbitrary code on a server using FTP on IIS 5.0 and conduct a denial-of-service attack using FTP on IIS 5.1, 6.0, and 7.0. The present version 7.5 isn't affected, though, and FTP 7.5 can be downloaded and installed on IIS 7.0 to protect it.
    "Customers should be aware that the Download Center has FTP 7.5 available for Windows Vista and Windows Server 2008. FTP 7.5 is not vulnerable to any of these exploits," said Alan Wallace, senior communications manager for Microsoft's security response communications team, in a statement.
    Initially, the company said it was investigating a vulnerability only with versions 5 and 6 of IIS.
    Microsoft reports attacks using IIS vulnerability | Deep Tech - CNET News


    ~Lordbob
    Lordbob75's Avatar Posted By: Lordbob75
    05 Sep 2009



 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:31.
Find Us