International Telecommunication Union   ITU
Site Map Contact us Print Version
 Monday, 07 September 2009
New IIS attacks (greatly) expand number of vulnerable servers

Attackers have begun actively targeting an unpatched hole in Microsoft's Internet Information Services webserver using new exploit code that greatly expands the number of systems that are vulnerable to the bug.

In an updated advisory published Friday, Microsoft researchers said they are seeing "limited attacks" exploiting the vulnerability, which resides in a file transfer protocol component of IIS. Exploit code publicly released in the past 24 hours is now able to cause vulnerable servers to crash even when users don't have the ability to create their own directories.

Read More

ITU Global Cybersecurity Agenda