Microsoft warns of new IIS server vulnerability

Microsoft is looking into "public reports of a possible vulnerability in Microsoft Internet Information Services (IIS)." The company said that a flaw exists in a certain type of Web serving operation. "An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests." "An attacker could exploit this vulnerability by creating […]

Microsoft is looking into "public reports of a possible vulnerability in Microsoft Internet Information Services (IIS)." The company said that a flaw exists in a certain type of Web serving operation. "An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests." "An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication". Microsoft said in a technical bulletin, and may provide an update as part of it’s monthly Patch Tuesday or, depending on the severity, could provide a fix outside of its monthly patching schedule. In the meantime, the company listed on its Web site certain configuration settings that can help mitigate the impact of the flaw.

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.