Microsoft posts patch for IIS Web Server

Microsoft has unveiled a patch for a new security breach in its Internet Information Server (IIS) Web server, dubbed the "GET" vulnerability. The company says that the vulnerability could allow denial-of-service attacks to be mounted against web servers using Windows NT Server.

The vulnerability involves the HTTP GET method, which is used to obtain information from the Web server. GET requests that have been purposefully modified can create a denial of service situation that consumes all server resources, causing the machine to hang. This situation cannot happen accidentally. Microsoft notes that this vulnerability does not allow data on the server to be compromised, nor does it allow any privileges on it to be usurped.

Microsoft has released the following IIS hot-fixes:

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish