Security

Microsoft warns of web server flaw

Microsoft warns of new flaw in Internet Information Server

Microsoft warns of major SharePoint flaw

Microsoft releases Exchange Server 2010 beta

Microsoft unveils Windows Server 2008 Foundation

Breaking Stories

Enex net filter lab contract up for grabs

CSIRO sells search engine

Quantum encrypted networks coming soon to business

Australian code for US Coast Guard cutters

Huawei considers Australian 4G lab

Microsoft is investigating a newly reported flaw that could put websites at risk of attack..

The company has issued an advisory on the vulnerability, which affects Windows XP Professional SP2, Windows Server 2003, Windows Vista and Windows Server 2008.

The problem exists in Windows' handling of code within its Internet Information Services (IIS) and SQL Server.

If exploited, the vulnerability could allow a user to elevate access privileges to that of the LocalSystem administration tool.

Microsoft warned that companies that make extensive use of user-provided code, such as site hosts, are especially vulnerable.

Microsoft has yet to receive any reports of the vulnerability being targeted, but security experts have already warned of a possible attack.

"The vulnerability is limited to a local privilege escalation, but IIS' susceptibility is concerning," wrote McAfee researcher Karthik Raman.

"The web server is widely used on the internet, and is a top pick by web-hosting providers. We might see web-hosting providers targeted, and their clients' websites breached."

Microsoft is still investigating the reports and will make a decision on whether to issue a patch immediately or wait until its next scheduled security update on 13 May.

Comments

Be the first to comment on this article.

Thoughts on this article? Add a comment below.

Comment:

Want to participate in the discussion?

Or log in now to comment

Ads by Google

Top Stories

Part two of the regulatory reforms paper.

Power to the people?

Admits error with Macquarie Telecom data centre.

Spotlightthe topics we're following

Latest Comments

"I turn bluetooth off on my mobile to save the battery. Looks like now I've got another reason. "

on Bluetooth "Big Brother" tracks festival-goers

by Slatts Jul 4, 2009 1:09 PM

"I'm kind of assuming that the water was used in water cooled condensers for the air-conditioning...."

on Macquarie data centre loses water supply

by Slatts Jul 2, 2009 8:54 PM

"Why do we have to listen to Nick Minchin's comments? He is just about irrelevant in his opinions ..."

on Conroy reveals six regional backhaul winners

by ngo Jul 2, 2009 8:35 PM

" It's not very surprising that the Chinese junta still wants to impose the 'Green Dam - Youth ..."

on China paper says Web filter only a matter of time

by anonymous Jul 2, 2009 3:49 PM

"I would suggest for anyone wanting to join in the BOINC projects such as SETI@home, World ..."

on Five things your CPU can do when it's idle

by wolfgang8741 Jul 2, 2009 5:37 AM

Polls

What will you do when your iPhone contract comes up for renewal?

Retain my current service provider
Switch to a cheaper plan
Switch to a better network
Switch to whoever offers free tethering
Change handset altogether

| View results

Retain my current service provider

12%

Switch to a cheaper plan

18%

Switch to a better network

17%

Switch to whoever offers free tethering

18%

Change handset altogether

36%

TOTAL VOTES: 193