Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Downplays IIS Bug Threat

Posted by Soulskill on from the this-is-not-the-bug-you're-looking-for dept.

snydeq writes "Microsoft confirmed that its IIS Web-server software contains a vulnerability that could let attackers steal data, but downplayed the threat, saying 'only a specific IIS configuration is at risk from this vulnerability.' The flaw, which involves how Microsoft's software processes Unicode tokens, has been found to give attackers a way to view protected files on IIS Web servers without authorization. The vulnerability, exposed by Nikolaos Rangos, could be used to upload files as well. Affecting IIS 6 users who have enabled WebDAV for sharing documents via the Web, the flaw is currently being exploited in online attacks, according to CERT, and is reminiscent of the well-known IIS unicode path traversal issue of 2001, one of the worst Windows vulnerabilities of the past decade."

2 of 114 comments (clear)

  1. Re:Not a typical configuration by ionix5891 · · Score: 0, Offtopic

    edit: 4th :P

    when will slashcode implement editing and Unicode?

  2. Re:Are they big enough? by MickyTheIdiot · · Score: 0, Offtopic

    I posted yesterday in reply to someone yesterday I wrote, after he gave a list of multinational corporation products we would "miss" if we didn't have them, that there are damn few products that have to be made by a big corporation, especially given the Internet and the technology available to us now as opposed to 25 or 30 years ago.

    I think you can take that further and say there are a lot of products that can be made a hell of a lot better by a smaller company rather than a multi-national. If that weren't the case, why would we see so many cases of huge corporations that have to spin off or have to set up semi-autonomous units in order to make good quality products.

    Also the definition of "big corporation" is HAZY right now methinks. We should probably be defining "big" these days as in number of dollars or as number of countries. The same tech that makes it possible for small companies to compete on an large scale allows big companies to work with small numbers of workers. "Big" companies don't need the unwashed masses like they used to; they can easily be multi-billion with a relative handful of people. Especially in the US, where the only business model there seems to be right now is 1)buy from overseas 2)sell at huge markup 3)PROFIT!!