Microsoft warns of web server flaw

By

Microsoft is investigating a newly reported flaw that could put websites at risk of attack..

Microsoft warns of web server flaw
The company has issued an advisory on the vulnerability, which affects Windows XP Professional SP2, Windows Server 2003, Windows Vista and Windows Server 2008.

The problem exists in Windows' handling of code within its Internet Information Services (IIS) and SQL Server.

If exploited, the vulnerability could allow a user to elevate access privileges to that of the LocalSystem administration tool.

Microsoft warned that companies that make extensive use of user-provided code, such as site hosts, are especially vulnerable.

Microsoft has yet to receive any reports of the vulnerability being targeted, but security experts have already warned of a possible attack.

"The vulnerability is limited to a local privilege escalation, but IIS' susceptibility is concerning," wrote McAfee researcher Karthik Raman.

"The web server is widely used on the internet, and is a top pick by web-hosting providers. We might see web-hosting providers targeted, and their clients' websites breached."

Microsoft is still investigating the reports and will make a decision on whether to issue a patch immediately or wait until its next scheduled security update on 13 May.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
flawmicrosoftofsecurityserverwarnsweb

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?