Security Alerts - April 2008 (Special)

Microsoft revised two security bulletins yesterday. One of them, published last year, relates to the .NET Framework; the revision is not a major update and adds no new fixes, only documentation updates on changes related to the release of WinXP SP3.

Separately, at the recent Hack in the Box conference in Dubai, a new exploit involving system account access tokens was released to the public. It stems from the native design of the current Windows access token, so the entire OS is subject to the vulnerability, and of course IIS is part of it. Microsoft released a new security advisory last week; note that all Windows OSes are affected, from XP and W2k3 all the way to Vista and W2k8. The current mitigation is to stop using the default built-in application pool identity and assign a custom account identity to the worker processes.

Published Thu, Apr 24 2008 1:49 by qbernard
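
One way to check a server against this mitigation, as an added example that is not part of the original post: the Python sketch below reads an IIS 7 applicationHost.config and lists application pools that do not run under a custom account. The sample configuration, pool names and account name are constructed, and the NetworkService fallback for pools with no explicit setting is an assumption about the IIS 7.0 schema default.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of IIS 7 applicationHost.config
# (pool and account names are made up for this example).
SAMPLE_CONFIG = """\
<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="DefaultAppPool" />
      <add name="Intranet">
        <processModel identityType="LocalSystem" />
      </add>
      <add name="Shop">
        <processModel identityType="SpecificUser" userName="CONTOSO\\svc_shop" />
      </add>
      <applicationPoolDefaults>
        <processModel identityType="NetworkService" />
      </applicationPoolDefaults>
    </applicationPools>
  </system.applicationHost>
</configuration>
"""

def audit_app_pools(config_xml, schema_default="NetworkService"):
    """Return {pool name: effective identityType} for every pool that
    does not run as a custom account (identityType="SpecificUser")."""
    root = ET.fromstring(config_xml)
    pools = next(root.iter("applicationPools"), None)
    if pools is None:
        return {}
    # A pool without its own identityType inherits applicationPoolDefaults,
    # and failing that the schema default (assumed NetworkService, IIS 7.0).
    inherited = schema_default
    defaults = pools.find("./applicationPoolDefaults/processModel")
    if defaults is not None:
        inherited = defaults.get("identityType", schema_default)
    findings = {}
    for pool in pools.findall("./add"):
        pm = pool.find("./processModel")
        identity = pm.get("identityType", inherited) if pm is not None else inherited
        user = pm.get("userName", "") if pm is not None else ""
        if identity != "SpecificUser" or not user:
            findings[pool.get("name")] = identity
    return findings

if __name__ == "__main__":
    for name, identity in sorted(audit_app_pools(SAMPLE_CONFIG).items()):
        print(f"{name}: runs as {identity}; assign a custom account")
```

Pools that inherit their identity are reported too, since an empty `<add>` element still runs under the built-in default.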

Comments

# Server: Microsoft-IIS/7.0\r\n said on 14 April, 2009 11:20 PM

A year ago... Cesar Cerrudo presented a serious vulnerability via elevation of privilege involving the

