Microsoft web server files open to hacking
Microsoft has warned about a bug that allows attackers to snoop on password-protected files on servers.

Microsoft is investigating reports of a vulnerability in its popular web server Internet Information Services (IIS), which could allow an attacker to access password-protected files.
In its advisory, Microsoft said that "an elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests".
Microsoft said it was investigating public reports of the problem, but so far wasn't aware of attacks that tried to use the vulnerability or of any customer impact.
The United States Computer Emergency Readiness Team (US-CERT) said it was already aware of publicly available exploit code and active exploitation of the flaw.
Security researcher Nikolaos Rangos said exploitation of the flaw could allow an attacker to get into password-protected folders, as well as allow the listing, downloading and uploading of files into a password-protected WebDav folder.
Security engineer Thierry Zoller has more details on the vulnerability, and warned that until the impact was 100 per cent clear, administrators should disable WebDav.
Last year, Microsoft denied there was any vulnerability in IIS after a a massive SQL injection attack had affected hundreds of thousands of web pages.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
-
LaunchDarkly to "double down" on observability with Highlight acquisition
News Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
By Daniel Todd
-
Samsung Galaxy Tab S10 FE review
Reviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
By Stuart Andrews
-
DDoS attack turns servers into bots
News A new distributed denial of service attack has been discovered that uses servers to distribute rather than PCs.
By Jennifer Scott
-
Microsoft IIS web server under attack from hackers
News The company has said that exploit code targeting the flaw was ‘not responsibly disclosed’.
By Asavin Wattanajantra
-
UPDATED: Hackers could take control of Microsoft's IIS server
News A flaw in IIS could allow the bad guys to come in and take control.
By Asavin Wattanajantra
-
Apache web server hit by hack attack
News The website of the popular open source web server has been hit by hackers.
By Asavin Wattanajantra