Security Alerts - April 2008
Oh well, been busy and no time to post this back then. In the routine patch Tuesday this month, Microsoft released 8 security bulletins with 5 of which in critical severity and one specific bulletin is related to IIS in a way. The 08-022 actually replaced the old fixes in 2006.
Summary: This security update resolves a privately reported vulnerability in the VBScript and JScript scripting engines in Windows. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
For more information, refer this. Take note that all existing Windows Scripting Engine 5.1/5.5/5.6 on W2k/XP/W2k3 are affected, while Vista/W2k8 are not affected.