New IIS 0day?

Microsoft France defaced -- is an IIS 0day in the offing?

The SANS Internet Storm Center is warning that a new, undiscovered (0day) exploit for Microsoft’s IIS Web server may be circulating online. Among the evidence they point to are a defacement of a Microsoft France Web page (documented via Flickr here.) and some “chatter” on defacement hub Zone-H that attributed it to a Web server intrusion which could mean an IIS hole, or merely a Web application hole. Given the widespread use of IIS as a Web server, any 0day, remotely exploitable hole is serious business. However, pictures of a small-scale defacement of microsoft.fr (the targeted page is offline) are hardly proof enough to warrant getting alarmed. Who knows, given the tendency of defacers to exaggerate, and France’s bum luck of late, there could be greater powers at work here than a mere Web server hole!

Security

Topics

About

Policies

Our Network

More

New IIS 0day?

Microsoft France defaced -- is an IIS 0day in the offing?

More from this author

The state of open source security

The state of open source security

McAfee sideshow eclipses Defcon’s real security breakthroughs

5 big security mistakes coders make

9 rules to follow after you’ve suffered a data breach

Beware the next circle of hell: Unpatchable systems

How to build stronger password hashes? Hold a contest

Hackers gonna hack — but you’re more secure than you think

Show me more

Kotlin 2.3.20 harmonizes with C, JavaScript/Typescript

Final training of AI models is a fraction of their total cost

OpenAI adds plugin system to Codex to help enterprises govern AI coding agents

How to run your own little local Claude Code (sort of!)

How to build desktop apps in Typescript with Electrobun

Write and run assembly in Python with Copapy