Barney's Blog

Blog archive

There's a Hole in IIS

Internet Information Services (IIS) has a big hole, and so far there's no fix -- just a warning. Versions 5 through 6 are vulnerable to an "elevation of privilege" attack.

So far no one has been struck, as far as we know, and there are some things you can do. Make sure your access control lists are disciplined and that those who don't need access don't have it. You can also set up fake admin accounts that don't actually have admin rights. This way an intruder may think he's cracked your system, but can't actually do anything. Pretty clever.

Posted by Doug Barney on 05/20/2009 at 1:16 PM


Featured

  • Gears

    Top 10 Microsoft Tips and Analyses of 2018

    Here are the year's most popular explainers and how-to columns -- along with some plain, old "Why did Microsoft do that?" musings thrown in.

  • Sign

    2018 Microsoft Predictions Revisited

    From guessing the fate of Windows 10 S to predicting Microsoft's next big move with Linux, Brien's predictions from a year ago were on the mark more than they weren't.

  • Microsoft Recaps Delivery Optimization Bandwidth Controls for Organizations

    Microsoft expects organizations using its Delivery Optimization peer-to-peer update scheme will optimally see 60 percent to 70 percent improvements in terms of network bandwidth use.

  • Getting a Handle on Hyper-V Virtual NICs

    Hyper-V usually makes it easy to configure virtual network adapters within VMs. That is, until you need to create a VM containing multiple virtual NICs.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.