Microsoft to Soon Issue Patch for IIS Flaw
Last Tuesday, the software giant issued a security warning for official error in three previous versions of IIS server, which is the second most popular web server in terms of overall websites.
This happened just a day after the exploit code was published.
Microsoft first revealed in May that it is investigating reports of the elevation of a “privilege” of vulnerability that could be used to create an anonymous HTTP request to access a site that normally requires authentication.
On Wednesday, Microsoft announced it was working on developing a patch for the flaw, which allows hackers to run the stack buffer overflow and insert malicious code on the IIS server through your FTP server.
Until a patch is properly in place, the company has suggested that administrators responsible for IIS 5.0, 5.1 and 6.0 Web servers to implement various defensive measures.