Patch/Configuration Management, Vulnerability Management

Microsoft IIS 0-day

Proof-of-concept code for a new Microsoft zero-day stack overflow vulnerability was posted Monday on exploit repository Milw0rm. The exploit is present in the file transfer protocol (FTP) module in Microsoft Internet Information Server (IIS) 5.0 and 6.0, the SANS Internet Storm Center said in a blog post Monday. A Microsoft spokeswoman told SCMagazineUS.com that the company is investigating the vulnerability but is not aware of any in-the-wild exploits.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.