Microsoft on Tuesday confirmed that it is examining a critical vulnerability in older editions of Internet Information Services (IIS) server, a day after a hacker posted exploit code to the milw0rm.com site.

"Microsoft is investigating new public claims of a possible vulnerability in IIS 5.o and IIS 6.0 File Transfer Protocol (FTP)," a company spokesman said today. "We will take steps to determine how customers can protect themselves should we confirm the vulnerability." Microsoft added that it had not yet seen any evidence of actual in-the-wild attacks, but as is its usual practice, hinted that it might create a patch for the problem.

It offered no defensive measures Web server administrators could take in lieu of a fix, a departure from past investigations, when Microsoft has offered not only instructions to customers, but also delivered tools that helped users automate the workaround.

:story; Full story: Computerworld