Microsoft has confirmed a vulnerability in its Internet Information Services webserver and spelled out the conditions under which it can be exploited to give an attacker complete control of the server on which it runs.
The good news: As previously reported, remote execution of malicious code can be triggered only in limited cases, and even then, it's relatively easy to change settings that close that possibility. Even then, exploits can still touch off denial-of-service attacks that completely shut down file transfer protocol.
Proof-of-concept code exploiting the vulnerability was released Monday. Microsoft said it will release a fix as soon as it's ready.
Microsoft confirms IIS bug gives complete server control • The Register
The good news: As previously reported, remote execution of malicious code can be triggered only in limited cases, and even then, it's relatively easy to change settings that close that possibility. Even then, exploits can still touch off denial-of-service attacks that completely shut down file transfer protocol.
Proof-of-concept code exploiting the vulnerability was released Monday. Microsoft said it will release a fix as soon as it's ready.
Microsoft confirms IIS bug gives complete server control • The Register