HackDig : Dig high-quality web security articles for hackers

Patch Unlikely for Widely Publicized Flaw in Microsoft IIS 6.0

2017-03-31 03:35
Microsoft recommends upgrade to latest operating system for more protection.

A zero-day vulnerability in Microsoft's IIS 6.0 Web server software remains unfixed even after two Chinese researchers recently posted a proof-of-concept exploit for it, Threatpost reports. Microsoft recommends "that customers upgrade to our latest operating systems and benefit from robust, modern protection."

The flaw is a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service that allows arbitrary code to be executed remotely through a PROPFIND request carrying a long header beginning with "If: <http://". Microsoft says its currently supported versions are not impacted. Disabling WebDAV helps mitigate attacks, Threatpost said.

IIS, or Internet Information Services, currently serves 11.4% of websites, placing it behind Apache and Nginx. Among all IIS versions, 11.3% run version 6, and many websites still run on unsupported versions of the software, the report said.



Source: www.darkreading.com/attacks-breaches/patch-unlikely-for-widely-publicized-flaw-in-microsoft-i
