iTWire - Microsoft widens IIS vulnerability warning

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Microsoft widens IIS vulnerability warning

Microsoft widens IIS vulnerability warning

E-mail

by Stephen Withers
Monday, 07 September 2009
Microsoft has widened the scope of a security advisory concerning vulnerabilities in the FTP service in Internet Information Services (IIS). The versions shipping with Vista and Server 2008 are now known to be affected as well as those in older versions of Windows. Featured Whitepaper 5 Best Practices for Smartphone Support Last week, Microsoft disclosed the existence of a flaw in the FTP component of IIS that could allow remote code execution or denial of service attacks. At the time, IIS versions 5 and 6 were said to be affected. Microsoft now warns that IIS 7.0 is also vulnerable if it is running FTP Service 6.0, but not if it has been updated with FTP Service 7.5 (as shipped with Windows 7 and Server 2008 R2). According to Microsoft's advisory, remote code execution is possible on IIS 5.0, but exploits are limited to denial of service attacks on IIS IIS 5.1 and later. IIS 5.0 is part of Windows 2000. The remote code execution attack on IIS 5.0 works by creating a long and maliciously crafted directory name, and could therefore be avoided by denying the right to create directories to untrusted users. However, a publicly available denial of service attack on the FTP service only requires an untrusted user to have read access. Microsoft suggests disabling the FTP service in order to "completely block the known attack vector or any variations thereof." A patch for the issue is under development. Microsoft officials have indicated that it may be released as an out-of-cycle update as opposed to waiting for October's Patch Tuesday. Tags See All Tags Exploit IIS Microsoft Patch Patch Tuesday Patches Security Software Stephen Withers Vulnerability Windows Windows 2000 Windows 7 Windows Server Windows Vista Windows XP Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

User Experience Architect (C4)
Consulting Services Branch Manager
Process Analyst X 4 (M4)
Content Co-Ordinator (M3)
Senior .Net Developer (M3)
Business Analyst (M17)
Test Lead
Senior Business Analyst
Business Analyst - Financial Markets, Ops focus
Technical Business Analyst - BI & DW - Contract

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking