August 30, 2009

Microsoft IIS FTP server vulnerable to attacks, says report

Flaw allows attackers to gain control of the system

By CBR Staff Writer

A hacker has uncovered a vulnerability in Microsoft’s Internet Information Services (IIS) product that could allow attackers to gain control of vulnerable machines.

Proof-of-concept code for a zero-day vulnerability was posted to the Milw0rm website. Reportedly, the flaw affects the FTP module of IIS 5.0 and 6.0. As the flaw lies in the file transfer protocol used by IIS, a system would be vulnerable only when the user has enabled FTP.

US-CERT said in a statement: “US-CERT is aware of a public report of a vulnerability affecting the Microsoft Internet Information Services (IIS) FTP service. This vulnerability may allow a remote attacker to execute arbitrary code.”

The cybersecurity agency is advising administrators to disable anonymous write access to the FTP server to mitigate the vulnerability. However, the agency said that a proper impact analysis should be performed before taking defensive measures.

Microsoft is said to be investigating the claims of a reported vulnerability in IIS 5.0 and 6.0 file transfer protocol (FTP). The company reportedly said that it would take steps to protect its customers if the vulnerability is confirmed.

InformationWeek reported a Microsoft spokesperson as saying: “We are currently unaware of any attacks trying to use the claimed vulnerability or of customer impact.”
