Tuesday, September 8, 2009

Microsoft IIS Vulnerabilities Across Releases

Microsoft IIS Vulnerabilities Across Releases

New IIS attacks (greatly) expand number of vulnerable servers

The Register published a short article of concern for those of us in the Network Management industry, where we customer or internet facing platforms for reporting delivery.

Microsoft continues to say that IIS5 running on Windows 2000 appears to be the only version that is vulnerable to attacks that can remotely execute malicious code on an underlying server. But it's now clear that hackers can target every version of IIS to cause denial-of-service attacks.
If you have a current or legacy IIS server - this may place your installation at risk. This is an piece of old code, meaning that historical code that you have not touched for awhile will be at risk. The risk centers around industry standard FTP protocol, one of the backbone protocols of the internet.

If Microsoft is not releasing patches for your old release of IIS, time to think about replacing that old portal.

No comments:

Post a Comment