Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Sept. Bug In IIS Impacts All IE Users, Too

Admitting some confusion, a security group Thursday said that it appears one of the vulnerabilities Microsoft disclosed last month affects more users than first thought.

According to a research note posted online by the SANS Institute's Internet Storm Center (ISC), MS06-053, an update and patch for a bug in the IIS server software's indexing, looks like it impacts all users of Internet Explorer.

"There is no ignoring that you do not need an IIS server in the picture," the ISC warning stated. "In fact, all you need is Microsoft's [IE] browser."

MS06-053, which was released Sept. 12, details a cross-site scripting vulnerability in IIS, but also recommends that users of Internet Explorer disable the browser's page encoding auto-detection feature. (By choosing View|Encoding, and deselecting "Auto-Select.")

"The confusion is if this is a server problem or a client problem."

  • 1