5/19/2009

Microsoft warns of new server vulnerability

Filed under: — By Aviran Mordo @ 5:20 am

A new, unpatched vulnerability exists in one of Microsoft’s server products, the company warned late Monday.

In a technical bulletin, the company said it is looking into “public reports of a possible vulnerability in Microsoft Internet Information Services (IIS).”

The company said that a flaw exists in a certain type of Web serving operation.

“An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests,” Microsoft said. “An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication.”

Microsoft said it is not aware of attacks using the vulnerability. The company said it may provide an update as part of its monthly Patch Tuesday or, depending on the severity, could provide a fix outside of its monthly patching schedule.

 

One Response to “Microsoft warns of new server vulnerability”

  1. cenary Says:

    The exploit code for IIS 6.0 WebDav now available.

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress