Microsoft has put up a response on their security blog concerning the IIS "0day". They say that only installations in a specific "non-default" and "unsafe configuration" are vulnerable to the condition. Also they note that if the administrator had not altered the default configuration and followed best practices in the securing of the webserver, then this exploit wouldn't work.
Unfortunately, we know that doesn't always wind up being the case. Read more of their blog post here.
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler |
Joel 454 Posts Dec 28th 2009 |
Thread locked Subscribe |
Dec 28th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!