ITPRO

Printed from www.itpro.co.uk

Register to receive our regular email newsletter at http://www.itpro.co.uk/reg/register.

The newsletter contains links to our latest IT news, product reviews, features and how-to guides, plus special offers and competitions.

Skip to navigation

    Microsoft web server files open to hacking

Microsoft has warned about a bug that allows attackers to snoop on password-protected files on servers.

By Asavin Wattanajantra, 19 May 2009 at 11:17

gallery

Microsoft is investigating reports of a vulnerability in its popular web server Internet Information Services (IIS), which could allow an attacker to access password-protected files.

In its advisory, Microsoft said that "an elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests".

Microsoft said it was investigating public reports of the problem, but so far wasn’t aware of attacks that tried to use the vulnerability or of any customer impact.

The United States Computer Emergency Readiness Team (US-CERT) said it was already aware of publicly available exploit code and active exploitation of the flaw.

Security researcher Nikolaos Rangos said exploitation of the flaw could allow an attacker to get into password-protected folders, as well as allow the listing, downloading and uploading of files into a password-protected WebDav folder.

Security engineer Thierry Zoller has more details on the vulnerability, and warned that until the impact was 100 per cent clear, administrators should disable WebDav.

Last year, Microsoft denied there was any vulnerability in IIS after a a massive SQL injection attack had affected hundreds of thousands of web pages.

Email to a friend

Print this page

< Previous   Web Servers : News Next >

1 comments

You need to Login or Register to comment.

dost

dj love i love

By djlove on Friday Jun 12

0 people out of 0 found this comment useful.

Did you find it useful?

    You may also like...

 Sponsored Links

advertisement

    You may also like...

    Latest Web Servers Analysis & Insight

puppy linux logo

Puppy Linux: Just for fun

Puppy Linux is something different, a tiny version of Linux that can be stored on a USB memory drive, will run in memory, and can be used for working on the move.

Read more

 

More Web Servers Analysis & Insight

    Latest Web Servers Reviews

DeviceLock 7 boxshot

DeviceLock 7 review

Rating: 5

Accidental or deliberate data leakage is now a major security headache for businesses. Dave Mitchell takes a look at DeviceLock 7 to see if it plugs those holes that others leave behind.

Read more

 

More Web Servers Reviews

advertisement

    Most popular

    Register for IT PRO

You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.

Register
Sponsored Links
Advertisement