Microsoft issues advisory on server flaw

Microsoft on Tuesday issued a security advisory for a Web server flaw that was made public on Monday.

The flaw affects certain versions of Microsoft Internet Information Services product, but to be exploited it requires a user to have the FTP function enabled. The flaw could allow an attacker to take over the server.

In its advisory, Microsoft said it has not seen any active attacks, although it acknowledges that detailed exploit code was published to the Web.

Microsoft said it is still working on patching the flaw but said the advisory has advice that customers can use to protect themselves.

"Microsoft is currently working to develop a security update for this issue to address this vulnerability and will release it once it has reached an appropriate level of quality for broad distribution," Microsoft said.

In a posting on Monday, the U.S. Computer Emergency Readiness Team (US-CERT) suggested IT administrators "disable anonymous write access to the FTP server to help mitigate the vulnerability" but added that "a proper impact analysis should be performed prior to taking defensive measures."

No responsibility can be taken for the content of external Internet sites.

print this article

Return to hosting news headlines
View Hosting News Archive

Share with: