Vulnerability unpatched in Microsoft server product


Vulnerability unpatched in Microsoft server product

Warwick Ashford

Microsoft is investigating reports of an unpatched vulnerability in the company's Internet Information Services (IIS) server product.

The elevation of privilege vulnerability could allow a hacker to bypass some authentication controls, Microsoft said in a security advisory.

Microsoft said it is not aware of attacks using the vulnerability, but lists three configuration settings to help mitigate against a potential attack.

The company said it is working with its partners in the Microsoft Active Protections Program (MAPP) and the Microsoft Security Response Alliance (MSRA) program to provide information they can use to provide broader protections to customers.

Microsoft said after completing its investigation it will either provide an update as part of its monthly Patch Tuesday or release a fix outside of its monthly patching schedule.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy