Microsoft Investigates IIS Zero-Day Security Vulnerability | eWeek

Microsoft Investigates IIS Zero-Day Security Vulnerability

Verfasst von
Brian Prince
Brian Prince
Aug 31, 2009
1 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Microsoft officials are investigating reports of a zero-day bug affecting Microsoft Internet Information Services in response to the appearance of exploit code on the Internet.

The exploit, which targets a FTP server remote stack overflow, was published Aug. 31 on Milw0rm.com. According to US-CERT, the vulnerability may allow a remote attacker to execute arbitrary code. The code is listed as working on IIS 5.0 and 6.0 on Windows 2000, and affects IIS 6.0 with stack cookie protection.

“We’re currently unaware of any attacks trying to use the claimed vulnerability or of customer impact,” a Microsoft spokesperson said. “We will take steps to determine how customers can protect themselves should we confirm the vulnerability.

“Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.”

US-CERT suggested administrators disable anonymous write access to the FTP server to mitigate the vulnerability. Before doing so, however, admins should perform a thorough impact analysis, US-CERT advised.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.