Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Microsoft has warned of a new zero-day vulnerability in its Internet Information Services (IIS) which could allow remote code execution by hackers. The company has issued a security advisory for the vulnerability, which lies in the File Transfer Protocol (FTP) service in IIS 5.0, 5.1 and 6.0.Microsoft said that, although the code has been published widely on the internet, the firm is "not currently aware of active attacks that use this exploit code, or of customer impact at this time"."The vulnerability is a stack overflow in the FTP service when listing a long, specially-crafted directory name," the company said in a Security Research and Defense blog post."To be vulnerable, an FTP server would need to grant untrusted users access to log into and create that long, specially-drafted directory. If an attacker were able to successfully exploit this vulnerability, they could execute code in the context of LocalSystem, the service under which the FTP service runs."Microsoft is advising companies to prevent untrusted users from having write access to the FTP service until a fully-tested security update is available. This can be achieved by turning off the FTP service if it is not needed, or preventing anonymous users from writing via IIS settings, said the blog posting. IIS is the second most popular web server in the world after Apache, according to the latest figures.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.