Microsoft is investigating reports of an unpatched vulnerability
in the company's Internet Information Services (IIS) server
product.
The elevation of privilege vulnerability could allow a hacker to
bypass some authentication controls,
Microsoft said in a security advisory.
Microsoft said it is not aware of attacks using the
vulnerability, but it lists three configuration settings to help
mitigate a potential attack.
The company said it is working with its partners in the
Microsoft Active Protections Program (MAPP) and the Microsoft
Security Response Alliance (MSRA) program to provide
information they can use to provide broader protections to
customers.
Microsoft said that, after completing its investigation, it will
either provide an update as part of its monthly Patch Tuesday or
release a fix outside of its monthly patching schedule.