Millions of Websites Affected By Unpatched Flaw in Microsoft IIS 6 Web Server

A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that’s no longer supported but still widely used. From a report on PCWorld: The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support for this version of IIS ended in July 2015 along with support for its parent product, Windows Server 2003. Even so, independent web server surveys suggest that IIS 6.0 still powers millions of public websites. In addition, many companies might still run web applications on Windows Server 2003 and IIS 6.0 inside their corporate networks, so this vulnerability could help attackers perform lateral movement if they access such networks through other means.


Share on Google+

Read more of this story at Slashdot.

Clip to Evernote

Leave a Reply

Your email address will not be published. Required fields are marked *