On Tuesday, Microsoft warned users of a previously unknown vulnerability in the FTP service of its Internet Information Services (IIS) software.
This stack overflow vulnerability allows attackers to remotely exploit servers that let untrusted users create directories. To exploit it, an attacker needs write access in order to create a specially crafted, long directory name on the server, Microsoft said. The vulnerability affects IIS 5.0 on Windows 2000, IIS 5.1 on Windows XP, and IIS 6.0 on Windows Server 2003.
"If attackers can successfully exploit this vulnerability, they can run code on the FTP service's local system under the FTP service," members of Microsoft's Security Response Center (MSRC) wrote on the group's blog.
Microsoft offers three workarounds. If the IIS administrator does not use the FTP service, it can be disabled. Another method is to use access control lists (ACLs) to prevent the creation of any new directory. Finally, IIS can be configured to prevent anonymous users from creating new directories.
Microsoft said that services running on IIS 7.0 on Windows Vista or Windows Server 2008 are not affected by this vulnerability.
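As an added example (not from Microsoft or the original article), the Python below reviews an IIS FTP log for directory-creation commands with unusually long names, the activity the advisory describes. The W3C field layout, the `[n]` session prefix on the verb, the 128-character threshold and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumed threshold for a "long" directory name; it is not a value from the
# advisory, so tune it to what is normal on your own server.
MAX_DIR_NAME = 128

# Constructed sample log in an assumed W3C extended layout (not real data).
SAMPLE_LOG = """\
#Fields: time c-ip cs-username cs-method cs-uri-stem sc-status
09:14:02 192.0.2.10 - [7]USER anonymous 331
09:14:03 192.0.2.10 anonymous [7]MKD uploads 257
09:14:09 198.51.100.23 anonymous [8]MKD {long} 257
09:15:40 203.0.113.5 alice [9]MKD {long} 550
09:16:01 203.0.113.5 alice [9]STOR report.txt 226
""".format(long="A" * 300)


def suspicious_mkd(log_text, max_len=MAX_DIR_NAME):
    """Return MKD/XMKD log entries whose directory name exceeds max_len."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # follow the log's own column order
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, parts))
        # Assumed format: the verb carries a session id prefix, e.g. "[8]MKD".
        verb = re.sub(r"^\[\d+\]", "", row.get("cs-method", "")).upper()
        # Measure the longest path component of the requested directory.
        longest = max(len(p) for p in row.get("cs-uri-stem", "").split("/"))
        if verb in ("MKD", "XMKD") and longest > max_len:
            hits.append({
                "time": row.get("time"),
                "client": row.get("c-ip"),
                "user": row.get("cs-username"),
                "name_len": longest,
                "succeeded": row.get("sc-status") == "257",  # 257 = created
            })
    return hits


if __name__ == "__main__":
    for hit in suspicious_mkd(SAMPLE_LOG):
        print(hit)
```

Entries flagged with `succeeded` set to true from an anonymous user indicate that the workaround of denying directory creation is not in place.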