Microsoft Investigates IIS Zero-Day Security Vulnerability
Microsoft is investigating reports of a vulnerability affecting Microsoft Internet Information Services' FTP module after exploited code surfaced on the Web. The vulnerability could be leveraged by an attacker to execute arbitrary code, officials at US-CERT warn.Microsoft officials are investigating reports of a zero-day bug affecting Microsoft Internet Information Services in response to the appearance of exploit code on the Internet. The exploit, which targets a FTP server remote stack overflow, was published Aug. 31 on Milw0rm.com. According to US-CERT, the vulnerability may allow a remote attacker to execute arbitrary code. The code is listed as working on IIS 5.0 and 6.0 on Windows 2000, and affects IIS 6.0 with stack cookie protection.
"We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact," a Microsoft spokesperson said. "We will take steps to determine how customers can protect themselves should we confirm the vulnerability.