IIS exploit in-the-wild

microsoftsecurityProof-of-concept code was posted on Monday that can lead to gain a full control over server running Microsoft IIS.

This vulnerability can be serious for webmasters but the attack can only be successful against old versions of IIS (IIS5, IIS6). The bug is particularly concern the FTP service which is an IIS component that used to transfer large files over the internet.

So administrators are invited to disable anonymous write access to the FTP server to help mitigate the risk, although a proper impact analysis should be performed prior to taking defensive measures.

make sure you subscribe to my RSS feed!

Share
Subscribe
Notify of
guest
5 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback

[…] to Storm the Tuesday patches will not include the IIS Web server vulnerability while Microsoft promised that it would patch IIS at some […]

trackback

RT @Sectechno IIS exploit in-the-wild | SecTechno http://bit.ly/49uC6t

trackback

IIS Vulnerability Under Attack : IIS exploit in-the-wild http://bit.ly/Xqwou (via @sectechno)

trackback

RT @MBenLakhoua > @Sectechno IIS exploit in-the-wild | SecTechno http://bit.ly/49uC6t #security

trackback

New Blog Post: IIS exploit in-the-wild http://bit.ly/Xqwou