Microsoft schedules five "Remote Code Execution" patches for Patch Tuesday
Microsoft plans to release five Windows updates on its forthcoming Patch Tuesday on the 8th of September. All of the updates address security issues that, in the worst case, allow remote attackers to inject and execute code which could, for example, allow an attacker to install malware on a user's system. Microsoft has therefore rated all five patches "critical", which is the highest security rating.
It appears that Microsoft plans to leave the hole in the FTP service of its Internet Information Services unpatched for now. Earlier this week, a script became available which allows attackers to gain control of a server with IIS 5, provided the server offers FTP services and the user has write access. Version 6 is also affected by this problem.
Microsoft also appears to have discovered a second security hole in the FTP service of IIS, which affects IIS 7 as well if FTP Service 6.0 is installed. FTP Service 7.5 does not appear to be vulnerable. This hole can only be exploited to crash the service.
- Microsoft warns of vulnerability in Internet Information Services, a report from The H.