Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: InfoSec Handlers Diary Blog - Microsoft puts up a blurb on their website about the IIS 0day. InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft puts up a blurb on their website about the IIS 0day.

Published: 2009-12-28
Last Updated: 2009-12-28 15:36:57 UTC
by Joel Esler (Version: 3)
0 comment(s)

Microsoft has put up a response on their security blog concerning the IIS "0day".  They say that only installations in a specific "non-default" and "unsafe configuration" are vulnerable to the condition.  Also they note that if the administrator had not altered the default configuration and followed best practices in the securing of the webserver, then this exploit wouldn't work.

Unfortunately, we know that doesn't always wind up being the case.  Read more of their blog post here.

Check out Patrick's Post here.

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

Keywords:
0 comment(s)
Diary Archives