Microsoft to Soon Issue Patch for IIS Flaw

(WEB HOST INDUSTRY REVIEW) — Although Microsoft (www.microsoft.com) promised last week to patch a bug in its Internet Information Services, many security analysts say it is unlikely that the company will be able to ready the fix in time for Tuesday’s regular monthly patch release.

Last Tuesday, the software giant issued a formal security advisory for the bug in three older versions of IIS server, which is the world’s second most popular web server in terms of overall websites.

This came just one day after the exploit code went public.

Microsoft first revealed in May that it was investigating reports of an “elevation of privilege” vulnerability which could be used to create an anonymous HTTP request to gain access to a location that usually requires authentication.

On Wednesday, Microsoft announced it was working on developing a patch for the bug, which lets hackers trigger a stack buffer overflow and insert malicious code onto the IIS server via its FTP server.

Until a patch is properly in place, the company has suggested that administrators responsible for IIS 5.0, 5.1 and 6.0 Web servers implement several defensive measures.
