Home > Developer > Windows

Microsoft responds to the remote control vulnerability exposed by the IIS service

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

On June 23, December 31, Microsoft's security department director Chris thover Badr told the media that after a rigorous investigation, no major security vulnerabilities were found in IIS services (Network Information Services.

It is reported that bud responded after the IIS Service reported a remote control vulnerability last week.

However, the investigation found that there is a defect in the IIS service that cannot handle the URL interval number. However, this defect does not allow hackers to bypass the security filtering software to upload executable code to the IIS server. Bud also believes that the default configuration of the IIS service in the same directory will prevent potential attacks. users do not have to worry about any problems as long as they follow normal security steps.

Last week, suo luoxi Dai Li, a researcher at Secunia, a professional vulnerability analysis company, pointed out that Microsoft's IIS service has a high-risk vulnerability. The cause of the vulnerability is that IIS parses the file name with semicolons or colons. Many Web applications are configured to reject upload with executable files, such as ASP (dynamic server homepage ).

However, hackers may pretend to use the malicious program xx.aspas as xx.asp..jpg or other harmless files to bypass firewall and other protection facilities.

According to Microsoft's official statement, users can operate properly to avoid harm caused by the IIS server vulnerability.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More