-
December 30th, 2009, 16:15 PM
#1
Head Honcho
Administrator
Microsoft rebuts IIS vulnerability claims
Microsoft has denied claims of a new vulnerability in Internet Information Services (IIS) 6, putting the blame instead on poorly configured Web servers.
In a blog post Tuesday, Redmond said it had completed an investigation into claims that a flaw in how the IIS interprets file extensions in uniform resource locators (URLs) can enable an attacker to bypass content filtering software to upload and execute code on an IIS server. The company found "no vulnerability" in IIS.
Security researcher Soroush Dalili highlighted the issue on Christmas Day in a paper released via his Web site (PDF), describing the impact as "highly critical for Web applications."
c|net
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Bookmarks