Microsoft releases Security Advisory (971492) on an IIS 6.0 bug
In connection with a security issue in the IIS 6.0 web server, Microsoft has released Microsoft Security Advisory 971492: Vulnerability in Internet Information Services Could Allow Elevation of Privilege. Although Microsoft has not yet released a patch for this weakness in the IIS 6.0 web server, it describes the steps to disable WebDAV where possible, as well as setting ACLs to deny access to the anonymous user. For now, these steps are a safe way to keep hackers from breaking into a Windows server running IIS 6.0.
Microsoft is investigating new public reports of a possible vulnerability in Microsoft Internet Information Services (IIS). An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication.
We are not aware of attacks that are trying to use this vulnerability or of customer impact at this time. Microsoft is investigating the public reports.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) program to provide information that they can use to provide broader protections to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
For more information, visit:
http://www.microsoft.com/technet/security/advisory/971492.mspx
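To check whether the mitigations above are holding, one option is to review the IIS W3C extended logs for WebDAV requests that succeeded without an authenticated user. The script below is an added example, not part of the advisory or the original post; the log lines are constructed, and it assumes the log declares its layout with a `#Fields:` directive that includes `cs-username`.

```python
"""Flag anonymous WebDAV requests that succeeded in IIS W3C extended logs."""

# WebDAV verbs from RFC 4918, plus SEARCH, which IIS WebDAV also accepts.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "SEARCH"}
REQUIRED = ("cs-method", "cs-uri-stem", "cs-username", "sc-status")

# Constructed sample log (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2009-05-20 10:00:01 192.0.2.10 - GET /index.htm 200
2009-05-20 10:00:05 192.0.2.10 - PROPFIND /protected/ 401
2009-05-20 10:00:09 192.0.2.77 - PROPFIND /protected/ 207
2009-05-20 10:01:12 192.0.2.20 CORP\\alice PROPFIND /protected/ 207
2009-05-20 10:02:30 192.0.2.77 - OPTIONS / 200
"""


def anonymous_webdav_hits(lines):
    """Return (line_no, c-ip, method, uri, status) for each successful
    WebDAV request logged without an authenticated user."""
    fields, hits = None, []
    for line_no, line in enumerate(lines, start=1):
        line = line.strip()
        if line.startswith("#Fields:"):
            # The layout can change mid-file when logging settings change.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        if any(name not in rec for name in REQUIRED):
            continue  # this layout cannot answer the question
        anonymous = rec["cs-username"] == "-"
        succeeded = rec["sc-status"].startswith("2")  # includes 207 Multi-Status
        if rec["cs-method"].upper() in WEBDAV_METHODS and anonymous and succeeded:
            hits.append((line_no, rec.get("c-ip", "-"), rec["cs-method"],
                         rec["cs-uri-stem"], rec["sc-status"]))
    return hits


if __name__ == "__main__":
    for hit in anonymous_webdav_hits(SAMPLE_LOG.splitlines()):
        print("line %d: %s %s %s -> %s" % hit)
```

Hits on locations that are meant to allow anonymous WebDAV are expected; hits on locations that require authentication are the ones to investigate.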
Exploit code:
http://cenary.com/iis-6-webdav-exploit-code.html



[...] version 8.0. Six categories fix holes in Windows, one of which fixes the IIS 6.0 WebDAV bug that became known last month. Three categories fix Microsoft [...]