Update para o IIS

Pessoal,

Nas atualizações mensais da Microsoft de Fevereiro saiu duas atualizações importantes para o IIS que devem ser atualizados, pois são falhas perigosas.

Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)

This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Impact of Vulnerability – Elevation of Privilege

Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)

This important update resolves a privately reported vulnerability in Internet Information Services (IIS). A remote code execution vulnerability exists in the way that IIS handles input to ASP Web pages. An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI). The WPI is configured with Network Service account privileges by default. IIS servers with ASP pages whose application pools are configured with a WPI that uses an account with administrative privileges could be more seriously impacted than IIS servers whose application pool is configured with the default WPI settings.

Impact of Vulnerability – Remote Code Execution

Eu já testei essa atualização em dezenas de servidores, e nenhum apresentou problemas.

Esta entrada foi publicada em Sem categoria. Adicione o link permanente aos seus favoritos.

Deixe uma resposta

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *