Microsoft Windows IIS Multiple Vulnerabilities ( 15 September 2010 )
RISK: Medium Risk
1. IIS Repeated Parameter Request Denial of Service Vulnerability
A denial of service vulnerability exists in Internet Information Services (IIS) that could allow an attacker who successfully exploited this vulnerability to interrupt service, causing the server to become un-responsive. An attacker could exploit the vulnerability by sending specially crafted URL requests to active server pages on a Web site hosted by IIS.
2. Request Header Buffer Overflow Vulnerability
A remote code execution vulnerability exists in Internet Information Services (IIS) that an attacker could exploit by sending specially crafted HTTP requests to IIS servers with FastCGI enabled.
3. Directory Authentication Bypass Vulnerability
An elevation of privilege vulnerability exists in Internet Information Services (IIS). An attacker who successfully exploited this vulnerability could bypass the need to authenticate to access restricted resources.
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
System / Technologies affected
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Internet Information Services 5.1
- Internet Information Services 6.0
- Internet Information Services 7.0
- Internet Information Services 7.5
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Internet Information Services ASP
- Windows XP Service Pack 3
- Internet Information Services 5.1 - Windows XP Professional x64 Edition Service Pack 2
- Internet Information Services 6.0 - Windows Server 2003 Service Pack 2
- Internet Information Services 6.0 - Windows Server 2003 x64 Edition Service Pack 2
- Internet Information Services 6.0 - Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Information Services 6.0 - Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Internet Information Services 7.0 - Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Internet Information Services 7.0 - Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Internet Information Services 7.0 - Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Internet Information Services 7.0 - Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Internet Information Services 7.0 - Windows 7 for 32-bit Systems
- Internet Information Services 7.5 - Windows 7 for x64-based Systems
- Internet Information Services 7.5 - Windows Server 2008 R2 for x64-based Systems
- Internet Information Services 7.5 - Windows Server 2008 R2 for Itanium-based Systems
- Internet Information Services 7.5 - Internet Information Services FastCGI
- Windows 7 for 32-bit Systems
- Internet Information Services 7.5 - Windows 7 for x64-based Systems
- Internet Information Services 7.5 - Windows Server 2008 R2 for x64-based Systems
- Internet Information Services 7.5 - Windows Server 2008 R2 for Itanium-based Systems
- Internet Information Services 7.5 - Internet Information Services Authentication
- Windows XP Service Pack 3
- Internet Information Services 5.1
Vulnerability Identifier
Source
Related Link
Share with