Welcome to WebmasterWorld Guest from

Forum Moderators: ocean10000

Message Too Old, No Replies

No patch for Windows Server 2003 IIS critical bug

1:14 am on Mar 31, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
votes: 1123

Microsoft will not patch a critical security hole recently found and exploited in IIS 6 on Windows Server 2003 R2 the operating system it stopped supporting roughly two years ago.

The buffer overflow bug can be exploited to inject malicious code into a vulnerable machine and execute it, allowing an attacker to gain control of the computer. It requires WebDAV to be enabled.


2003 is getting long in the tooth and support actually stopped in 2015 ... but there is a third party fix. Read the article for info.