
Another IIS hole discovered

Geoff Gasior

No, it’s not an old-news backdoor, but a simple glitch that can be fixed with patches found in this Microsoft security bulletin. The Reg has the following explanation.

When an obfuscated file name passes the first decoding, which, among other things, searches for .com and .exe extensions, a second, superfluous decoding restores the original name and grants access to the executable file, handily enabling an attacker to carry out a directory traversal and run arbitrary code outside the Web directory.

The vulnerability enables the execution of arbitrary code, denial of service attacks, and data disclosure — which is a total drag if you have a file full of credit card details somewhere on your server.

I do have to wonder how many admins will simply fail to administer this patch, and end up as a news story themselves a week or two from now when the world comes crashing down around them.
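A toy model of the double-decode flaw described above, next to a version that decodes fully before checking. This is an added example, not Microsoft's code or anything from the bulletin; `WEB_ROOT`, the function names and the sample request paths are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/scripts"            # assumed web directory (constructed)
BLOCKED_EXT = (".exe", ".com")   # extensions named in the explanation above


def normalise(path):
    """Treat backslashes as separators and collapse '.' and '..' segments."""
    return posixpath.normpath(path.replace("\\", "/"))


def violations(path):
    """Policy applied to a decoded name: stay in WEB_ROOT, no executables."""
    norm, found = normalise(path), []
    if norm != WEB_ROOT and not norm.startswith(WEB_ROOT + "/"):
        found.append("outside-web-root")
    if norm.lower().endswith(BLOCKED_EXT):
        found.append("executable")
    return found


def flawed_resolve(raw):
    """Toy model of the bug: check after one decode, then decode again."""
    once = unquote(raw)
    if violations(once):
        return None                      # rejected by the check
    return normalise(unquote(once))      # superfluous second decode


def hardened_resolve(raw, max_rounds=4):
    """Decode until the name stops changing, then check that final name."""
    path = raw
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None                      # never stabilised: refuse
    return None if violations(path) else normalise(path)


if __name__ == "__main__":
    samples = [                          # constructed request paths
        "/scripts/my%20page.html",
        "/scripts/..%5c..%5ctools/app.exe",
        "/scripts/..%255c..%255ctools/app%252eexe",
    ]
    for s in samples:
        print(f"{s!r}: flawed={flawed_resolve(s)!r} hardened={hardened_resolve(s)!r}")
```

The third sample clears the flawed check because after one decode it still holds `%5c` and `%2e` rather than a separator and a dot; the same policy applied to the fully decoded name rejects it.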
