Welcome to WebmasterWorld Guest from 3.81.29.226

Forum Moderators: ocean10000

Message Too Old, No Replies

No patch for Windows Server 2003 IIS critical bug

     
1:14 am on Mar 31, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10563
votes: 1123


Microsoft will not patch a critical security hole recently found and exploited in IIS 6 on Windows Server 2003 R2 the operating system it stopped supporting roughly two years ago.

The buffer overflow bug can be exploited to inject malicious code into a vulnerable machine and execute it, allowing an attacker to gain control of the computer. It requires WebDAV to be enabled.

[theregister.co.uk...]

2003 is getting long in the tooth and support actually stopped in 2015 ... but there is a third party fix. Read the article for info.