Microsoft investigates IIS security flaw


Microsoft investigates IIS security flaw

Warwick Ashford

Microsoft has confirmed that it is investigating reports of a vulnerability in the firm's Internet Information Services (IIS) software.

The vulnerability that could allow an attacker to take over a server is reported to be in the file transfer function of versions 5.0, 5.1 and 6.0 of Microsoft's IIS product.

Microsoft said in a security advisory that although detailed exploit code has been published for this vulnerability, the company is not aware of any active attacks.

"Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary," the advisory said.

Microsoft said that it will take appropriate action, which may include a patch to be released in the next monthly security update or sooner if necessary.

The company warned that users of IIS may be at risk because the vulnerability was not responsibly disclosed.

"We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests," the advisory said.

The "Workarounds" section of the advisory includes guidelines for steps users of IIS can take to protect systems from potential attacks until a patch is released.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy