Microsoft investigates IIS security flaw


Microsoft investigates IIS security flaw

Warwick Ashford

Microsoft has confirmed that it is investigating reports of a vulnerability in the firm's Internet Information Services (IIS) software.

The vulnerability that could allow an attacker to take over a server is reported to be in the file transfer function of versions 5.0, 5.1 and 6.0 of Microsoft's IIS product.

Microsoft said in a security advisory that although detailed exploit code has been published for this vulnerability, the company is not aware of any active attacks.

"Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary," the advisory said.

Microsoft said that it will take appropriate action, which may include a patch to be released in the next monthly security update or sooner if necessary.

The company warned that users of IIS may be at risk because the vulnerability was not responsibly disclosed.

"We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests," the advisory said.

The "Workarounds" section of the advisory includes guidelines for steps users of IIS can take to protect systems from potential attacks until a patch is released.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy