Microsoft will not patch a critical security hole recently found and exploited in IIS 6 on Windows Server 2003 R2 – the operating system it stopped supporting roughly two years ago. The buffer overflow bug can be exploited to inject malicious code into a vulnerable machine and execute it, allowing an attacker to gain control of the computer. It requires WebDAV to be enabled. If you have such a machine exposed to or reachable from the internet, and you get hacked, maybe you deserve it.
ORIGINAL SOURCE: The Register
The post WONTFIX: No patch for Windows Server 2003 IIS critical bug – Microsoft appeared first on IT SECURITY GURU.
from WONTFIX: No patch for Windows Server 2003 IIS critical bug – Microsoft