Microsoft says IIS server vulnerable to exploits
Tuesday, May 19, 2009
Microsoft said yesterday it is investigating new public reports of a possible vulnerability in Microsoft Internet Information Services (IIS), one of its server products.
The company said in a security bulletin that the vulnerability may allow a remote attacker to bypass authentication methods, allowing an attacker to upload files to a WebDAV folder or obtain sensitive information.
"We are not aware of attacks that are trying to use this vulnerability or of customer impact at this time," the bulletin said.
Microsoft said WebDAV is not enabled by default on Windows Server 2003 systems running IIS 6.0. Unless WebDAV has been enabled by an administrator on these systems, the vulnerability is not exposed.
The company said it is working with its Microsoft Active Protections Program (MAPP) and Microsoft Security Response Alliance (MSRA) program to provide information for customers and provided workarounds they can use until the bug is fixed.
Microsoft said it may provide a fix for the security flaw in its monthly security update or with an out-of-cycle update, depending on customer needs.
Related News:
FBI: Law firms and PR agencies high on hacker target lists - 11.18.2009
Using complex email scams, cyber criminals are increasingly targeting sensitive information held by law firms and public relations companies, according to an FBI advisory released earlier this month.
Phishing email takes numerous forms - 11.17.2009
The practice of impersonating authoritative websites and sources in order to convince victims to divulge personal information - known as phishing - has come a long way from the Nigerian "419" scams that popularized the technique in the public mind. Modern phishing is becoming increasingly dangerous in part because attacks can come from a variety of sources.
Email filtering technology working overtime, but spam won't go quietly - 11.16.2009
While modern email filtering systems can block 95 to 99 percent of spam messages, according to Tech Target, mountains of unsolicited email are still delivered every day, accounting for the vast majority of all emails sent.
Phishing scam targets investors, spoofs finance agency - 10.9.2009
The Financial Industry Regulatory Agency (FINRA), an independent regulator of brokerages, is warning investors that they may be targeted by a phishing scam through emails claiming to come from the agency.
Phishing scammers leak Windows Live Hotmail passwords to web - 10.6.2009
Hackers posted thousands of passwords from Windows Live Hotmail email accounts to a website over the weekend, in what Microsoft said was the result of a phishing campaign targeting the free webmail service.
|
