- TalkBack 1 of 15:
- Next »
- Thread View
- Flat View
- Can I summarize?
-
First you need to not only install IIS, you
also need to install the FTP functionality in
IIS. Got it.
Also, remember that only servers that allow
untrusted users to log on and create arbitrary
directories are vulnerable.
Then you have to configure your FTP server to
allow anyone to login without entering a
password and then give them write permission.
IIS 6 is at reduced risk because it was
built with /GS which help protect the service
from exploits by deliberately terminating
itself when the overflow is detected before
attacker?s code runs. We have not seen exploit
code for this vulnerability that is able to
bypass the /GS protection.
Got it. So while there is a buffer overflow
flaw in IIS 6, if you ever try to take
advantage of it, FTP restarts itself before
your attack code has a chance to run. And IIS5
was replaced 6 years ago.
While we have seen detailed exploit code
published on the Internet for this
vulnerability, we are not currently aware of
active attacks that use this exploit code
No kidding. And if you do get hit by this, run,
don't walk, to your HR department and have them
fire your entire IT staff. - Posted by: NonZealot Posted on: 09/01/09 You are currently: a Guest | Members login | Terms of Use
Can I summarize?
NonZealot | 09/01/09
|
 
Don't be so hasty
Michael Kelly | 09/02/09
|
not being hasty
diane wilson | 09/02/09
|
|
RE: Microsoft confirms IIS zero-day flaw; Exploit code published
Samic | 09/01/09
|
|
IIS 5.0 is ancient news.
IE8 | 09/02/09
|
|
RE: Microsoft confirms IIS zero-day flaw; Exploit code published
Loverock Davidson | 09/02/09
|
|
Microsoft dominates the world.
kevingolde | 09/02/09
|
|
Which is why
Loverock Davidson | 09/02/09
|
|
which is why
kevingolde | 09/02/09
|
|
you first
pgit | 09/02/09
|
|
here's a clue
kevingolde | 09/03/09
|
|
Exploit is a minor flaw?
zdnet-registraion | 09/03/09
|
|
Reality check
honeymonster | 09/03/09
|
|
Exploit is irrelevant - old news
gllincoln | 09/03/09
|
|
irelevant yes; flaw yes
zdnet-registraion | 09/03/09
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
- VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
> Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
Meet Doc
-
-
Here to help you with your Document Management Needs
- Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
- To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
-
Produced by
ZDNet and -
