Comments on: Microsoft warns of new server vulnerability

Software maker says an unpatched flaw in its Web-serving software could offer a hole for malicious code to attack systems.

[monkeyfun14]

Why the hell mention a vulnerability that no one is exploiting before you have a patch to fix it.

[boyd087]

Why not? If the vulnerability has been publicized to any extent, then it's worthwhile to spread the word so that system administrators about a potential vulnerability and ways to mitigate risk. Instead of waiting for an exploit that uses a vulnerability, be proactive.

On the other hand, I would think/hope that this vulnerability would not impact most IIS configurations. Generally, it's probably good form to keep file system ACLs enforced and limit the IIS anonymous user account to read-only access on the IIS folder structure. Are there any major web applications that live on IIS that require this (and I'm asking because I'm not sure)? Additionally, there are probably a lot of IIS servers out there that don't even have WebDAV turned on. Also, it looks like IIS7 (Server 2008/Vista) isn't affected.

[johnwbaxter--2008]

How could there possibly be a vulnerability in IIS!? There must be some mistake.

[dhavleak]

Not sure what you're implying there.

[slickuser]

keep them coming!

[Outside_Looking_In]

Oh, no! Not another vulnerability in another Microsoft product! It's all lies! All lies I tell you!

[Angmarr]

very informative

[The_happy_switcher]

Wow, and it's not even Tuesday yet.

[gertruded]

It must be some mistake, there has already been one hole revealed today. Isn't Windows wonderful?

[wolivere]

All OS's have them, http://www.ubuntu.com/usn

[3rdalbum]

I'll buck the trend and say good on Microsoft for issuing a timely security advisory before anyone is affected by the problem.

[ExWinUser]

Now my Microsoft Certifications are worthless again!