• Home
  • News
  • Reviews
  • Digital technology
  • Cloud
  • Data analytics
  • Digital leaders
  • IoT
  • Opinion
  • Events
  • Resources
  • Data Strategy Spotlight
  • Newsletters
  • Sign in
  • Events
    • Follow V3 Events

      Sign up to receive email alerts about our events

      Sign up
  • Resources
    • V3resources 120x194
      Network Security Forensics For GDPR Compliance

      An effective network security forensics strategy can assist an organization in providing key compliance-related details as part of any post-incident GDPR investigation.

      Download
      V3resources 120x194
      10 ways to increase productivity with managed Office 365

      For businesses large and small, relying on a cloud-based collaboration and productivity suite such as Microsoft Office 365 is becoming the norm. Enhancing productivity in your organisation is vital to get ahead in 2017 - and using Office 365 can help, if it's used right...

      Download
      Find resources
      Search by title or subject area
      View all resources
  • Data Strategy Spotlight
  • Sign in
  •  
    •  

      You are currently accessing V3 .co.uk via your Enterprise account.

      Personalise your on site experience

      Download and use the apps

      Access your subscription from outside of the office

      Get relevant news and insight straight to your inbox

      • Sign in
     
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
  • Follow us
    • RSS
    • Twitter
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • News
  • Reviews
  • Digital technology
  • Cloud
  • Data analytics
  • Digital leaders
  • IoT
  • Opinion
 
  •  

    You are currently accessing V3 .co.uk via your Enterprise account.

    Personalise your on site experience

    Download and use the apps

    Access your subscription from outside of the office

    Get relevant news and insight straight to your inbox

    • Sign in
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
V3.co.uk
  • Security

Microsoft confirms zero-day flaw in IIS

Vulnerability in FTP service in IIS versions 5.0, 5.1 and 6.0

  • Phil Muncaster
  • Phil Muncaster
  • 02 September 2009
  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
0 Comments
Microsoft
Microsoft is not currently aware of active attacks on the IIS flaw

Microsoft has warned of a new zero-day vulnerability in its Internet Information Services (IIS) which could allow remote code execution by hackers.

The company has issued a security advisory for the vulnerability, which lies in the File Transfer Protocol (FTP) service in IIS 5.0, 5.1 and 6.0.

Microsoft said that, although the code has been published widely on the internet, the firm is "not currently aware of active attacks that use this exploit code, or of customer impact at this time".

"The vulnerability is a stack overflow in the FTP service when listing a long, specially-crafted directory name," the company said in a Security Research and Defense blog post.

"To be vulnerable, an FTP server would need to grant untrusted users access to log into and create that long, specially-drafted directory. If an attacker were able to successfully exploit this vulnerability, they could execute code in the context of LocalSystem, the service under which the FTP service runs."

Microsoft is advising companies to prevent untrusted users from having write access to the FTP service until a fully-tested security update is available. This can be achieved by turning off the FTP service if it is not needed, or preventing anonymous users from writing via IIS settings, said the blog posting.

IIS is the second most popular web server in the world after Apache, according to the latest figures.

  • Tweet  
  • Facebook  
  •  
  •  
  • Send to  
  • Topics
  • Security
  • Web
  • Internet
  • Microsoft IIS
  • Microsoft

V3 Latest

Scientists find adding nanowires to lithium-ion batteries could prevent fire risk
Scientists find adding nanowires to lithium-ion batteries could prevent fire risk

As well as increase capacity and performance

  • Components
  • 26 April 2018
TSMC starts high volume production of 7nm chips
TSMC starts high volume production of 7nm chips

Claims to have "the most competitive logic density" in the industry

  • Components
  • 25 April 2018
Dell unveils Precision 5530 2-in-1 mobile workstation with Radeon Pro WX Vega M GL graphics
Dell unveils Precision 5530 2-in-1 mobile workstation with Radeon Pro WX Vega M GL graphics

Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs

  • Hardware
  • 25 April 2018
Europol coordinates close down of 'world's biggest' DDoS-for-hire service
Europol coordinates close down of 'world's biggest' DDoS-for-hire service

Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia

  • Security
  • 25 April 2018
Back to Top

Most read

Oracle: Java SE 8 business users must buy a licence from January next year
Oracle: Java SE 8 business users must buy a licence from January next year
British security start-up launches lip-sync authentication technology
British security start-up launches lip-sync authentication technology
Almost 90 per cent of UK websites suffer from 'serious' security flaws
Almost 90 per cent of UK websites suffer from 'serious' security flaws
Europol coordinates close down of 'world's biggest' DDoS-for-hire service
Europol coordinates close down of 'world's biggest' DDoS-for-hire service
How NoSQL database technology and IoT sensors are being put to work saving endangered elephants and tigers
How NoSQL database technology and IoT sensors are being put to work saving endangered elephants and tigers
  • Contact
  • Marketing solutions
  • Enterprise IT Events
  • About
  • Terms & conditions
  • Privacy policy
  • RSS
  • Twitter
  • Newsletters
  • Facebook
  • YouTube

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017