Microsoft warns of new server vulnerability

A new, unpatched vulnerability exists in one of Microsoft's server products, the company warned late Monday.

In a technical bulletin, the company said it is looking into "public reports of a possible vulnerability in Microsoft Internet Information Services (IIS)."

The company said that a flaw exists in a certain type of Web-serving operation.

"An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests," Microsoft said. "An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication."

Microsoft said it is not aware of attacks using the vulnerability. The company said it may provide an update as part of its monthly Patch Tuesday or, depending on the severity, could provide a fix outside of its monthly patching schedule.

In the meantime, the company listed on its Web site certain configuration settings that can help mitigate the impact of the flaw.

This article was first published as a blog post on CNET News.

Talkback 0 comments

• Compliance and Risk Management Manager
• Sales Engineer/Sales Executive (Security System)
• Security Engineer
• China SOX Coordinator
• Security Analyst

TechGuides

Use shades of gray to enhance scale in Excel

Excel's palette is generous, but don't throw buckets of pigment all over your spreadsheets just because you can.

Read more »

Latest from Blog Central

Ultimate 2012 recovery site: the moon

Read more »

Cutting-edge technology from premium sponsors

Adaptive Threat Management

High Performance Security for your Distributed Enterprise

Achieve lower TCO, agility, risk mitigation, compliance, and productivity

Webcast series: Cybercrime is a growth industry - is your organisation prepared?

More resources to optimize the security of your enterprise »

Brought to you by:

 

 

 

More Tech Showcases:

Hitachi Eco-Products

Juniper Networks