Posts Tagged ‘Microsoft IIS 0-day’

Microsoft IIS 0-Day

New vulnerability has been discovered by Soroush Dalili in the latest popular Microsoft web server IIS, the vulnerability allows an attacker to bypass the IIS security and execute remotely a malicious code on the system. According to the researcher the gap exist due to the web server incorrectly executing e.g. ASP code included in a [...]

Share

Microsoft leaves patches surprise

Microsoft announced lately that it will release five critical updates for windows, but at this time Microsoft did not provide the technical details regarding the patch list like the previous one. However Andrew Storms nCircle’s Director of Security Operations, made a statement about the possible upgrade kit composition, In particular the expert suggested that we [...]

Share

IIS exploit in-the-wild

Proof-of-concept code was posted on Monday that can lead to gain a full control over server running Microsoft IIS. This vulnerability can be serious for webmasters but the attack can only be successful against old versions of IIS (IIS5, IIS6). The bug is particularly concern the FTP service which is an IIS component that used [...]

Share