/>
X

Microsoft debunks IIS vulnerability claims

Microsoft has denied claims of a new vulnerability in Internet Information Services 6, putting the blame on poorly configured web servers.
zd-defaultauthor-vivian-yeo.jpg
Written by Vivian Yeo on
Microsoft has denied claims of a new vulnerability in Internet Information Services 6, putting the blame on poorly configured web servers.

In a blog post on Tuesday, the company said it had completed an investigation into claims that a flaw in how the IIS interprets file extensions in uniform resource locators (URLs) can enable an attacker to bypass content-filtering software to upload and execute code on an IIS server. The company found "no vulnerability" in IIS.

Security researcher Soroush Dalili highlighted the issue on Christmas Day in a research paper released via his website, describing the impact as "highly critical for web applications".

For more on this story, read "Microsoft debunks IIS vulnerability claims" on ZDNet Asia.

Related

He flew American Airlines, she flew United. For both, the unthinkable happened
screen-shot-2022-06-30-at-10-14-36-am.png

He flew American Airlines, she flew United. For both, the unthinkable happened

Business
Southwest Airlines has cancelled 20,000 flights. Now for the really bad news
screen-shot-2021-07-07-at-4-01-12-pm.png

Southwest Airlines has cancelled 20,000 flights. Now for the really bad news

Business
McDonald's and Chick-fil-A both have a big problem. Only one has a solution
screen-shot-2022-06-28-at-6-24-27-pm.png

McDonald's and Chick-fil-A both have a big problem. Only one has a solution

Business