Serious flaw discovered in Microsoft IIS

Code was posted at the well-known Milw0rm website on Monday that will cause Microsoft's Internet Information Services (IIS) server to be remotely exploited. Fortunately, the vulnerability appears to affect only older versions of IIS such as IIS 5.0 running on the Windows 2000 platform. In addition, Microsoft's File Transfer Protocol (FTP) will have to be enabled since the malware is specific to this service. Calling for caution, independent researcher Thierry Zoller noted that "Other versions of IIS are also at risk."

Microsoft is still investigating at the moment. The company has said that it is not aware of any attacks using this vulnerability. For now though, organizations running older versions of IIS will do well to either disable Microsoft's FTP server if unused, or disable anonymous write access to it.

For more on this story:
- check out this article at Computerworld
- check out this article at CNET News

Related Articles:
Researchers offer tool to break into Oracle database system
Court order puts a stop to Defcon talk on subway hacks
Hackers claim $10,000 prize for breaking into webmail
Just launched IE 8 successfully hacked

Mifare Classic RFID successfully hacked