Slashdot Mirror


Millions of Websites Affected By Unpatched Flaw in Microsoft IIS 6 Web Server (pcworld.com)

A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that's no longer supported but still widely used. From a report on PCWorld: The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support for this version of IIS ended in July 2015 along with support for its parent product, Windows Server 2003. Even so, independent web server surveys suggest that IIS 6.0 still powers millions of public websites. In addition, many companies might still run web applications on Windows Server 2003 and IIS 6.0 inside their corporate networks, so this vulnerability could help attackers perform lateral movement if they access such networks through other means.

2 of 91 comments

  1. There's nothing you can do about idiot admins by Viol8 · Score: 4, Interesting

    Extended support finished 2 years ago yet apparently there are still many admins (I used that term advisedly) running public-facing websites who think it's perfectly acceptable to run this software. This is beyond moronic but short of giving them all a royal kick up the backside I can't see a solution unless the companies involved fancy paying MS $$$ for a fix just for them.

  2. From 2003? by MobyDisk · Score: 4, Interesting

    independent web server surveys suggest that IIS 6.0 still powers millions of public websites

    Whaa?? Who runs a public web site on a 14-year-old version of the server???? That site claims 8 million of them!