Microsoft warns of new flaw in Internet Information Server

By Shaun Nichols on May 21, 2009 9:27AM
Add techpartner.news As Your Trusted Source
Microsoft warns of new flaw in Internet Information Server

IIS is a component used primarily by Windows Server systems to provide web hosting services.

It is also included in Windows XP Professional, as well as the Business, Enterprise and Ultimate editions of Windows Vista.

Microsoft said that the vulnerability could allow an attacker to gain elevated privileges on a targeted server, possibly allowing the attacker to access and edit data.

The flaw affects IIS versions 4.0, 5.0 and 6.0. The newest version, IIS 7.0, is not believed to be vulnerable.

No active attacks targeting the flaw have been reported.

Microsoft said that the vulnerability is exposed when an attacker sends a specially-crafted HTTP request file to the targeted server.

Once exploited, the attacker could bypass authentication requirements and access the system with anonymous account clearance.

The company noted that the vulnerability is limited to the extent to which administrators have set access for anonymous users.

By limiting access and preventing write clearance for the accounts - a default setting for most IIS systems - the danger of attack can be mitigated.

Many IIS 6.0 users should also be protected, as the vulnerable WebDAV component is disabled in those systems by default.

Microsoft did not say when a fix for the vulnerability could be expected. The company's next scheduled security update is 9 June.

This is not the first time that vulnerabilities in IIS have gained attention. In 2001, the component was the main target of the Code Red and Code Blue worms.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk

Add techpartner.news as your trusted source

Add techpartner.news As Your Trusted Source
Tags:
access attacker component iis security server servers & storage vulnerability

Partner Content

Have ticket queues become your quiet business risk?
Have ticket queues become your quiet business risk?
AI PCs shift from hype to revenue opportunity for partners
AI PCs shift from hype to revenue opportunity for partners
Why Australia’s Industrial Leaders Are Turning to Dynamic Aspect for Dynamics 365 Business Central
Why Australia’s Industrial Leaders Are Turning to Dynamic Aspect for Dynamics 365 Business Central
Expanding Opportunities for Microsoft Partners with Dicker Data’s Solution ConX Marketplace
Expanding Opportunities for Microsoft Partners with Dicker Data’s Solution ConX Marketplace
Jabra launches PanaCast U30 video bar for easier BYOD meetings
Jabra launches PanaCast U30 video bar for easier BYOD meetings

Sponsored Whitepapers

SMB Profitability: Paths to profit for SMB sized MSPs
SMB Profitability: Paths to profit for SMB sized MSPs
Transform how you provision and deliver security and backup—on one platform
Transform how you provision and deliver security and backup—on one platform
Protect the data your business relies on
Protect the data your business relies on
1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it
Cut through the SASE confusion
Cut through the SASE confusion

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Winter Ball featuring the 2026 Impact Awards
techpartner.news Winter Ball featuring the 2026 Impact Awards
Integrate 2026
Integrate 2026
Security Exhibition & Conference
Security Exhibition & Conference

Most read articles

Interactive introduces private cloud platform

Interactive introduces private cloud platform
Bluechip Infotech enters final stage of Goodson Imports acquisition

Bluechip Infotech enters final stage of Goodson Imports acquisition
HamiltonJet partners with digital services provider Fortude

HamiltonJet partners with digital services provider Fortude
Why Kat McCrabb started with the hard stuff

Why Kat McCrabb started with the hard stuff

Log in

Email:
Password:
  |  Forgot your password?