Microsoft confirms 'zero-day' vulnerability in Internet Information Services (IIS)

Microsoft has confirmed a “zero-day” security vulnerability affecting Internet Information Services (IIS). The security hole was initially reported ahead of Christmas on December 23rd, “our initial assessment shows that the IIS web server must be in a non-default, unsafe configuration in order to be vulnerable. An attacker would have to be authenticated and have write […]

Microsoft has confirmed a “zero-day” security vulnerability affecting Internet Information Services (IIS). The security hole was initially reported ahead of Christmas on December 23rd, “our initial assessment shows that the IIS web server must be in a non-default, unsafe configuration in order to be vulnerable. An attacker would have to be authenticated and have write access to a directory on the web server with execute permissions which does not align with best practices or guidance Microsoft provides for secure server configuration. Customers using out of the box configurations and who follow security best practices are at reduced risk of being impacted by issues like this,” revealed MSRC blog.

Resources and best practices for securely configuring IIS servers:

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.