UPDATED: Hackers could take control of Microsoft's IIS server

A flaw in IIS could allow the bad guys to come in and take control.

There is a warning of a vulnerability in Microsoft's Internet Information Services (IIS) web server, which could allow hackers to execute code and take control.

The United States Emergency Readiness Team (US-CERT) had posted an advisory about the issue, alerting users to a problem in the Microsoft IIS FTP service.

It was reported that the exploit code was originally posted on the Milw0rm site on Monday, which could soon make real-world attacks a possibility.

IIS 5 and IIS 6 are vulnerable. IIS is the second most popular web server behind Apache, according to statistics from July.

"By issuing an FT NLST (NAME LIST) command on a specially-named directory, an attacker may cause a stack buffer overflow," US-CERT's warning said.

"The attacker can create the specially-named directory if FTP is configured to allow write access using Anonymous account of a another account that is available to the attacker."

Microsoft confirmed the vulnerability in a security advisory, but stressed that it had not seen active attacks using the exploit code.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Evidence suggests REvil behind Harris Federation ransomware attack
ransomware

Evidence suggests REvil behind Harris Federation ransomware attack

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021