You are here: silicon.com > Software > Security Strategy

Security Strategy

Microsoft issues advisory for IIS flaw

Working on a patch

Tags: microsoft

Printer Friendly Email Story RSS

By Ina Fried

Published: 2 September 2009 08:43 GMT

Microsoft on Tuesday issued a security advisory for a web server flaw that was made public on Monday.

The flaw affects certain versions of Microsoft Internet Information Services product, but to be exploited it requires a user to have the FTP function enabled. The flaw could allow an attacker to take over the server.

In its advisory, Microsoft said it has not seen any active attacks, although it acknowledges that detailed exploit code was published to the web.

Microsoft said it is still working on patching the flaw but said the advisory has advice that customers can use to protect themselves.

"Microsoft is currently working to develop a security update for this issue to address this vulnerability and will release it once it has reached an appropriate level of quality for broad distribution," Microsoft said.

In a posting on Monday, the US Computer Emergency Readiness Team (US-CERT) suggested IT administrators "disable anonymous write access to the FTP server to help mitigate the vulnerability" but added that "a proper impact analysis should be performed prior to taking defensive measures".

Original article: Microsoft issues advisory on server flaw from CNET News.com

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Microsoft: First 'Windows Phones' arriving next month

Microsoft IIS 'at risk from FTP flaw'

Snow Leopard, Windows 7, Microsoft Word ban and BT broadband

'You can't sell Word' ruling: Microsoft files formal appeal

Five critical Windows updates arrive on Microsoft's Patch Tuesday

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business

UK ID cards rollout hit by delay as launch date revealed

Bletchley Park's World War Two codebreakers in their own words

'You're responsible for your own wi-fi security' say ISPs

'UK must up privacy safeguards following Phorm'

The top 10 technologies you need to plan for next year


  • Jobs
Web Applications Vulnerability Tester

Title: Web Applications Vulnerability Tester / Penetration Tester Salary: market rates but probably 40k to 60k Company: online / ecommerce company ...

Junior Systems Administrator to 20k; TCP/IP IIS FTP SQL VB Scripting

The successful candidate will have knowledge / experience in the following:- • TCP/IP addressing • IIS 6/7 • FTP • SQL ...

Warehouse/Distribution Manager

Company is able to provide a cost efficient service in line with contractual terms and conditions ensuring that start-up requirement, implementation ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

The Truth About Wasteful Spending on Software: How to Stop Giving Your Software Vendors...

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


Tesco Mobile to get a taste of Apple's iPhone

Marketing chiefs: Are you spamming your customers?

IT skills shortage squashed by recession?

Users tell SAP: 'We need to talk more'

Second iPhone worm: A botnet risk

Outsourcing: CIOs' tips on getting it right




Quick Sitemap Links: