Slashdot Mirror


Microsoft Downplays IIS Bug Threat

snydeq writes "Microsoft confirmed that its IIS Web-server software contains a vulnerability that could let attackers steal data, but downplayed the threat, saying 'only a specific IIS configuration is at risk from this vulnerability.' The flaw, which involves how Microsoft's software processes Unicode tokens, has been found to give attackers a way to view protected files on IIS Web servers without authorization. The vulnerability, exposed by Nikolaos Rangos, could be used to upload files as well. Affecting IIS 6 users who have enabled WebDAV for sharing documents via the Web, the flaw is currently being exploited in online attacks, according to CERT, and is reminiscent of the well-known IIS unicode path traversal issue of 2001, one of the worst Windows vulnerabilities of the past decade."

6 of 114 comments

  1. Slashdot reported not at risk... by dargaud · Score: -1, Offtopic

    ...although they use an IIS server with a modified header to make it look like Apache, slashdot.org has been reported 'probably' not at risk since nobody understands its unicode support anyway.

    --
    Non-Linux Penguins ?
  2. Are they big enough? by camcorder · Score: -1, Offtopic

    I think the story of big is a lie, and I see it all the time in "big" corporations. Employing thousands and having revenues of billions of dollars makes you look "big", but in reality they are incapable of doing very basic things. Maybe their "big" body paralyzes them, but that does not change the truth.

    While most companies dream of being one of these "big" ones, they miss that they are much more helpful to their customers when they are "small", because I never got ignored by a small company I worked with about a bug in their service, and moreover they quickly fixed it or showed me a workaround.

    And what do we see with the "big" ones? The company in this story, Microsoft, knows the problem, and they have the money and manpower to fix it. Or that's what we believe. In the end, what we see is that their 'capability' is such a big lie, only hidden behind the images we're supposed to believe.

    This economic crisis made me think more about the concept of "big". I see lots of "big" companies these days laying off people as if their employees are members of flocks that they wanted to butcher. It's not their businesses that drive them but the numbers and 'analysts'. I mean, think about Lehman Brothers, and how on earth you can think of something as "big" if it collapsed in just a single year. Who can claim the same thing won't happen to "big" companies in the IT industry? Now I believe that "big corporations" are just projections of small companies together, which do a hell of a lot better job than the leeches they serve.

    1. Re:Are they big enough? by MickyTheIdiot · Score: 0, Offtopic

      I posted yesterday in reply to someone, after he gave a list of multinational corporation products we would "miss" if we didn't have them, that there are damn few products that have to be made by a big corporation, especially given the Internet and the technology available to us now as opposed to 25 or 30 years ago.

      I think you can take that further and say there are a lot of products that can be made a hell of a lot better by a smaller company rather than a multi-national. If that weren't the case, why would we see so many cases of huge corporations that have to spin off or set up semi-autonomous units in order to make good quality products?

      Also the definition of "big corporation" is HAZY right now methinks. We should probably be defining "big" these days as in number of dollars or as number of countries. The same tech that makes it possible for small companies to compete on a large scale allows big companies to work with small numbers of workers. "Big" companies don't need the unwashed masses like they used to; they can easily be multi-billion with a relative handful of people. Especially in the US, where the only business model there seems to be right now is 1) buy from overseas 2) sell at huge markup 3) PROFIT!!

    2. Re:Are they big enough? by MickyTheIdiot · Score: -1, Offtopic

      Meta-modders take note... how the hell is that article flamebait??

  3. Re:Not a typical configuration by ionix5891 · Score: -1, Offtopic

    what's this? a 4rd msft article on /. frontpage!

    looks for a linux article... nope none.. does mac count?

    no wonder linux is scratching with 1% "penetration" when the flagship linux "propahanda" (i kid i kid thats a joke) site cares more about windooz

    all publicity is good publicity they say...

  4. Re:Not a typical configuration by ionix5891 · Score: 0, Offtopic

    edit: 4th :P

    when will slashcode implement editing and Unicode?