Microsoft yesterday released an advisory about another flaw discovered in its IIS web server software, a buffer overrun vulnerability that could allow an attacker to gain complete control of an affected web server.
The company also warned that the Indexing Service in the Windows XP beta is affected by the same vulnerability.
The problem stems from the default installation procedure of several Internet Services Application Programming Interface (ISAPI) extensions.
Only last month a similar glitch was found in the same module, giving an attacker command-line access.
This time a bug in idq.dll, which provides support for administrative scripts and data queries, can be exploited during a web session to give an attacker complete control of the machine.
"Exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it," said Microsoft.
"This includes changing web pages, reformatting the hard drive or adding new users to the local administrators group."
The glitch affects all versions of IIS running on NT, 2000 or beta versions of XP. Estimates suggest that as many as six million sites could be affected by the bug, an opportunity for hackers to have a field day.
"Clearly, this is a serious vulnerability, and Microsoft urges all customers to take action immediately," reads the company advisory.
"Customers who cannot install the patch can protect their systems by removing the script mappings for .idq and .ida files via the Internet Services Manager in IIS. However, it is possible for these mappings to be automatically reinstated if additional system components are added or removed," it adds.
As a safeguard, Microsoft recommends patching the server anyway.
The patch can be downloaded here.
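
Because the advisory warns that removed mappings can be reinstated, the workaround is worth re-checking after any component change. The following is an added example, not Microsoft's or the article's code: it scans an exported list of IIS script mappings and reports any .idq or .ida entry, plus any other extension routed to idq.dll. It assumes each entry has the layout `extension,handler path,flags,verbs`; the function names are hypothetical and the sample lines are constructed.

```python
import ntpath  # parses Windows paths correctly on any platform

RISKY_EXTENSIONS = {".idq", ".ida"}  # extensions named in the advisory
RISKY_HANDLER = "idq.dll"            # ISAPI extension named in the advisory

def parse_script_map(entry):
    """Split one 'ext,handler,flags,verb,...' entry (assumed layout)."""
    parts = [p.strip() for p in entry.strip().split(",")]
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError(f"malformed script map entry: {entry!r}")
    ext = parts[0].lower()
    if ext != "*" and not ext.startswith("."):
        ext = "." + ext
    return {"ext": ext, "handler": parts[1].strip('"'), "rest": parts[2:]}

def find_risky_mappings(entries):
    """Return (entry, reason) pairs for mappings the workaround should remove."""
    findings = []
    for raw in entries:
        line = raw.strip()
        if not line:
            continue
        try:
            m = parse_script_map(line)
        except ValueError:
            findings.append((line, "unparseable entry, review by hand"))
            continue
        handler = ntpath.basename(m["handler"]).lower()
        if m["ext"] in RISKY_EXTENSIONS:
            findings.append((line, f"{m['ext']} mapping present"))
        elif handler == RISKY_HANDLER:
            # Generalisation beyond the advisory text: another extension
            # pointing at the same DLL reaches the same code.
            findings.append((line, f"{m['ext']} routed to {RISKY_HANDLER}"))
    return findings

# Constructed sample export, not taken from a real server.
SAMPLE = [
    r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    r".IDQ,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST",
    r".ida, C:\WINNT\System32\idq.dll,3,GET,HEAD,POST",
    r".shtml,C:\WINNT\System32\inetsrv\ssinc.dll,1,GET,POST",
    r".foo,C:\WINNT\System32\IDQ.DLL,3,GET",
]

if __name__ == "__main__":
    for entry, reason in find_risky_mappings(SAMPLE):
        print(f"{reason}: {entry}")
```

Script mappings can be set per site and per directory as well as server-wide, so run the check against each level that is exported.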