After it confirmed that it was investigating reports in the wild of a zero-day(0-day) security hole affecting Internet Information Services (IIS), Microsoft is now saying that it wrapped up the investigation and that no vulnerability was found. Instead of the alleged security vulnerability, the Redmond company noted that it could only confirm the existence of an inconsistency and nothing else, according to Christopher Budd, security response communications lead for Microsoft.“What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server,” revealed Budd.
The Redmond company explains that the problem detected in combination with insecure IIS configurations allows potential attackers to build exploits from malicious executables put together out of files with multiple extension, which are handled as ASP files by IIS server. “For the scenario to work, the IIS server must already be configured to allow both “write” and “execute” privileges on the same directory. This is not the default configuration for IIS and is contrary to all of our published best practices.... (read more)
One of the aspects of Microsoft that should come as no surprise is that the company plans ahead not just next year’s product launches, but decades in advance, in terms of the evolution of its technology. Not limited to its own software, this strategy is an integral part of how the company is tackling problems faced by education systems world... (
Firefox 4.0, the next major release of Mozilla’s open source browser, will bring to the table a major overhaul of its graphical user interface, one that would put the UI in line the Windows 7 Ribbon/Fluent style. Mozilla has already made public details on the revamping of the Firefox User interface for version 4.0, and various concepts and sketches ha... (
With Valentine's Day just around the corner, Microsoft is helping Windows 7 customers celebrate love right on their desktops. In this regard, the Redmond company has made available for download a new desktop theme designed to integrate seamlessly into the desktop of their Windows 7-power computers. The Lacy Hearts is, as the software giant has put i... (
The latest development milestone of Office 2010 has made it into the wild, even though Microsoft never intended to have the general public get their hands on the release. Earlier this week, the Redmond company revealed that the next iteration of the Office System reached a key milestone in the evolution to RTM, namely the Rel... (
Leave a Reply
You must be logged in to post a comment.