Microsoft confirms serious IIS bug, downplays threat

'Only a specific IIS configuration is at risk,' company saysMicrosoft late Monday confirmed that its Internet Information Services (IIS) Web-server software contains a vulnerability that could let attackers steal data, but downplayed the threat.

"An attacker could exploit the vulnerability by creating a specially crafted HTTP request to a Web site that requires authentication, and thereby gain unauthorized access to protected resources," Microsoft said in a security advisory issued Monday night.

Read Full Story >>
The story is too old to be commented.