Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Microsoft has revealed that hackers are already exploiting newly disclosed vulnerabilities in its Internet Information Services (IIS) web server software. Exploit code for the first flaw was posted on Monday, which would allow hackers to remotely take control of an IIS 5.0 server. New code was then posted on Thursday which takes advantage of vulnerabilities in IIS 5.0, IIS 5.1, IIS 6.0 and IIS 7.0 to allow hackers to launch denial of service attacks against these systems, as long as they are running the FTP Service, said Microsoft.Redmond was forced to update its security advisory warning that it is now seeing “limited attacks that use this exploit code”.“Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary,” the advisory continued.Although Microsoft is due to release its September security updates on patch Tuesday next week, it is widely believed that the new vulnerabilities were disclosed to recently for the Redmond security team to be able to deliver a working fix in time.In a blog posting, Microsoft blamed the current, albeit limited, attacks on the fact that the original vulnerabilities were published on the internet before the firm had a chance to work on a fix.“We continue to encourage responsible disclosure of vulnerabilities,” the post continued.“ We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.”
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.