Microsoft Security: IIS Vulnerability, Leaked Office 2010 Tech Preview Infected
Article by George Norman
On 20 May 2009
Two pieces of security news to report from the Microsoft camp: the first one is that IIS (Internet Information Services) is plagued by a 0-day vulnerability that if exploited by a person with malicious intent via a specially crafted anonymous HTTP request could allow the attacker access to locations that require authentification; the second is that the leaked Office 2010 Technical Preview is infected with malware (similar to the leaked Windows 7 RC versions which were infected by a Trojan which attempted to build a botnet – details here).

Security Response Communications Lead with Microsoft, Christopher Bud, comments on the IIS vulnerability: “wanted to let you know that we have just posted Microsoft Security Advisory (971492). This advisory contains information regarding public reports of a vulnerability in Microsoft Internet Information Services (IIS) that could allow Elevation of Privilege. Products affected are IIS 5.0, IIS 5.1, and IIS 6.0. The advisory contains guidance and workarounds that customers can use to help protect themselves. We will continue to monitor the situation and post updates to the advisory and the MSRC Blog as we become aware of any important new information. At this time, we are not aware of any known attacks that attempt to use this vulnerability.”


According to Christopher Bud, the issue is caused by an elevation of privilege vulnerability that affects the way the WebDAV extension handles HTTP requests. Access to locations that regularly require authentification can be obtained by someone who uses an anonymous HTTP request to exploit the vulnerability. A patch for this security vulnerability will be provided by the Redmond-based software developer as part of its Patch Tuesday program; if the vulnerability will be actively exploited, then Microsoft will issue an out-of-date patch.

The Technical Preview version of the upcoming Office 2010 productivity suite that has been leaked and is available for download via torrent sites also poses a security risk to your PC. It seems the software is infected with viruses – this information was acknowledged by the Office 2010 team.

“I wanted to […] acknowledge the information that you have seen today around bits of Office 2010 being leaked. While all of us here are happy to see the incredible excitement and engagement (and are absolutely chomping at the bit to reach the July milestone) we aren’t quite ready to release the technical preview bits. I would encourage all of you to wait until the official bits are available to ensure the best possible experience and not miss out on anything we may include. As a heads up, because we want to ensure our customers are safe, we have been monitoring various torrents and already detected quite a few that were infected. Please be aware that if you download this torrent there is a very good chance you are also getting some unexpected malware with it,” explained Office TPM, Reed Shaffner.

Tags: Microsoft, Security, IIS, Internet Information Services, Office 2010, Technical Preview
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Microsoft Security: IIS Vulnerability, Leaked Office 2010 Tech Preview Infected
HTML Linking Code