diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


IIS 6 affected with ‘security issue with semi-colons in URL’, admit Microsoft

Microsoft reports that we’ve “found there’s no vulnerability in Internet Information Services (IIS). However, there’s an inconsistency in IIS 6 only in how it handles semicolons in URLs. The key in this is the last point: for the scenario to work, the IIS server must already be configured to allow both “write” and “execute” privileges on same directory. This’s not the default configuration for IIS and is contrary to all of our published best practices. IIS server configured in this manner is inherently vulnerable to attack. Customers using IIS 6.0 in default configuration or following best practices don’t need to worry about this issue. For those, running IIS in a configuration that allows both “write” and “execute” privileges on same directory, should review best practices and make changes to better secure your system from the threats that configuration can enable,” writes MSRC blog.

Resources and best practices for securely configuring IIS servers:

More info: IIS blog

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...