IIS

New vulnerability in IIS5 and IIS6

This afternoon, the MSRC posted a security advisory describing a newly-disclosed vulnerability in the IIS FTP service that could potentially grant remote code execution to untrusted users. You can find the advisory here. Vulnerability summary The vulnerability is a stack overflow in the FTP service when listing a long, specially-crafted directory name. To be vulnerable, …

New vulnerability in IIS5 and IIS6 Read More »

Answers to the IIS WebDAV authentication bypass questions

We have heard several questions from customers about the WebDAV authentication bypass issue on IIS. We wanted to post common questions and answers here to help anyone else who might have the same question. Question: Is Sharepoint vulnerable to the authentication bypass? Answer: No, Sharepoint is not vulnerable to this vulnerability. The Sharepoint team does …

Answers to the IIS WebDAV authentication bypass questions Read More »

More information about the IIS authentication bypass

Security Advisory 971492 provides official guidance about the new IIS authentication bypass vulnerability.  We’d like to go into more detail in this blog to help you understand: Am I at risk? If so, what could happen? How can I protect myself? Which IIS configurations are at risk? Only a specific IIS configuration is at risk …

More information about the IIS authentication bypass Read More »