Microsoft confirms IIS security flaw exploits


Microsoft confirms IIS security flaw exploits

Warwick Ashford

Microsoft has confirmed that attackers have exploited a vulnerability in the firm's Internet Information Services (IIS) software.

The vulnerability that allows attackers to take over a server or conduct a denial of service attack is in the file transfer function.

The problem was initially said to affect version 5.0, 5.1, 6.0 and 7.0 of Microsoft's IIS product, but an updated security advisory included version 7.0.

Microsoft said version 7.5 of the FTP protocol is not vulnerable to any of the known exploits and can be downloaded and installed on IIS 7.0 to protect it.

"The Download Center has FTP 7.5 available for Windows Vista and Windows Server 2008," said Alan Wallace of the Microsoft security response center.

For all other users, Microsoft recommends IIS users implement the workarounds provided in the Advisory under the Workaround section, Wallace wrote in a blog.

Users should follow these guidelines until Microsoft releases a security update once it reaches an "appropriate level of quality for broad distribution," he wrote.

Wallace said more information on suggested actions can be found in Microsoft Knowledge Base Article 975191.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy