OzHub, the Macquarie Telecom-led cloud computing alliance, has come down firmly on the side of Optus over the copyright controversy surrounding Optus TV Now, warning that any moves to change the law "risk branding Australia a global luddite state."
A flaw in the FTP component within Microsoft's Internet Information Services (IIS) allows the execution of malicious code, potentially giving an attacker complete control of a targeted system.
Microsoft is warning its customers about a vulnerability in Internet Information Services' FTP server. Detailed exploit code has been made public, but Microsoft and security vendors Symantec and PC Tools say they have not seen active attacks using this vulnerability.
The vulnerability affects IIS 5 and 6, though according to Symantec's security response team, "we successfully executed arbitrary code remotely on IIS 5.0. Yet, our results with IIS 6.0 were less than conclusive."
That observation is consistent with Microsoft's advice that "IIS 6.0 is at reduced risk because it was compiled using the /GS compiler option. This does not remove the vulnerability but does make exploitation of the vulnerability more difficult."
The vulnerability can be exploited by creating a directory with a maliciously crafted name using any account with write access. When that directory is listed using the FTP NLST command, the shell code embedded in the directory name is executed.
The workarounds suggested by Microsoft are to disable the FTP service if it is not required, modify NTFS file system permissions to prevent FTP users creating directories, and disallow FTP write access by anonymous users.
Symantec recommends the latter action should be taken immediately "because this is the most dangerous scenario."
The affected software is installed by default in Windows 2000 and Small Business Server 2003. It is an optional installation on XP and Server 2003.
An update to address the vulnerability is being developed, and "be released once it reaches an appropriate level of quality for broad distribution", Microsoft officials stated.
IIS 7.0, found in Vista and Server 2008, is not vulnerable, according to the Microsoft Security Response Center.
David Frost
| SYDNEY– February 9, 2012. Gigamon®, the world leader in Traffic Visibility Fabric solutions, announced that it has expanded the breadth and s…
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Try an easy-to-use set of web-enabled
tools for business-class productivity services. Office 365 provides
anywhere-access to email, important documents, contacts, and calendars
on almost any device.
LATEST HEADLINES FROM YOUR IT
