Tech

Microsoft warns of new server vulnerability

Microsoft said it is looking into "public reports of a possible vulnerability in Microsoft Internet Information Services (IIS).

Written by Ina Fried, Contributor May 18, 2009 at 10:29 p.m. PT

A new, unpatched vulnerability exists in one of Microsoft's server products, the company warned late on Monday.

In a technical bulletin, the company said it is looking into "public reports of a possible vulnerability in Microsoft Internet Information Services (IIS)."

The company said that a flaw exists in a certain type of web-serving operation.

"An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests," Microsoft said. "An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication."

Microsoft said it is not aware of attacks using the vulnerability. The company said it may provide an update as part of its monthly Patch Tuesday or, depending on the severity, could provide a fix outside its monthly patching schedule.

In the meantime, the company listed on its website certain configuration settings that can help mitigate the impact of the flaw.

This article was originally posted on CNET News.

Editorial standards

Show Comments

Microsoft warns of new server vulnerability

Related

Can Meta AI code? I tested it against Llama, Gemini and ChatGPT - it wasn't even close

Want to become a successful data professional? Do these 5 things

The best free AI courses (and whether AI 'micro-degrees' and certificates are worth it)