Barney's Blog

Blog archive

There's a Hole in IIS

Internet Information Services (IIS) has a big hole, and so far there's no fix -- just a warning. Versions 5 through 6 are vulnerable to an "elevation of privilege" attack.

So far no one has been struck, as far as we know, and there are some things you can do. Make sure your access control lists are disciplined and that those who don't need access don't have it. You can also set up fake admin accounts that don't actually have admin rights. This way an intruder may think he's cracked your system, but can't actually do anything. Pretty clever.

Posted by Doug Barney on 05/20/2009 at 1:16 PM


Featured

  • Microsoft Adds Modular Datacenter to Azure Space Efforts

    Microsoft this week introduced the Microsoft Azure Modular Datacenter as part of its overall Azure Space effort.

  • Microsoft and Partners Continue To Block Trickbot To Protect Elections

    Microsoft on Tuesday provided an update about its efforts, along with partners, to take down the Trickbot criminal network, which uses servers and devices to spread ransomware.

  • Microsoft Releases Windows 10 and Windows Server Versions 20H2

    Microsoft on Tuesday announced the "semiannual channel" release of Windows 10 version 20H2, otherwise known as the "October 2020 Update," and it also released Windows Server version 20H2.

  • How To Debug a PowerShell Script

    Here are three pointers for finding and fixing any bugs in your PowerShell script, no matter how long it is.

comments powered by Disqus