A Computer Emergency Response Team released a report today saying that Microsoft's Internet server software-Internet Information Server IIS server) has a serious security defect, this vulnerability may allow intruders to send remote commands to the IIS server network server.
The group warned that the security vulnerability recently discovered is very similar to a previously widely used security vulnerability on the IIS server.
"This security flaw in Microsoft IIS servers," said Shawn Hernan, a network security analyst at a computer security organization at the University of Carnegie Mellon at the Signing center of CERT, "In fact, it was discovered by an NSFocus consulting company in China." Hernan did not disclose the details of the incident.
"If a hacker successfully exploits this security defect, he may send instructions to a network server, replace the website webpage, and attempt to obtain some other 'authorization ', "The thief wanted to enter a room because there was a safe deposit box," Hernan added."
In order to reduce the occurrence of this problem on the IIS server, the Computer Emergency Response Team recommends that you follow the instructions below to configure the network server:
- Http://www.microsoft.com/technet/security/iis5chk.asp
- Http://www.microsoft.com/technet/security/iischk.asp
- Http://www.microsoft.com/technet/security/tools.asp
We will explain more questions about the IIS server in the future.