Microsoft is once again putting sales ahead of customer security, although it is for a 10 to 14 year old operating system which they officially pulled the plug on almost two years ago. Sadly the end of support did not have any impact on the infrastructure budget allocations of tens of thousands of businesses and so Server 2003 remained in use. Security researchers spotted an attack last year which exploits a vulnerability in IIS WebDAV which will allow a buffer overflow attack to succeed. Predictably Microsoft's answer is that you should buy a brand new server OS, with hardware upgrade costs likely to be required as well. Thankfully there is a patch available from a third party, which you can check out over at The Register.
It is a dream, but perhaps this might convince some bean counters that an infrastructure upgrade might be a reasonable investment.
"Microsoft will not patch a critical security hole recently found and exploited in IIS 6 on Windows Server 2003 R2 – the operating system it stopped supporting roughly two years ago."
Here is some more Tech News from around the web:
- How to leak data from an air-gapped PC – using, er, a humble scanner @ The Register
- Galaxy S8 face recognition already defeated with a simple picture @ Ars Technica
- Brit inventor beats Elon Musk to it and builds a real-life Iron Man suit @ The Inquirer
- Your Save Data Is Not Safe On the Nintendo Switch @ Slashdot