Microsoft is once again putting sales ahead of customer security, although it is for a 10 to 14 year old operating system which they officially pulled the plug on almost two years ago.  Sadly the end of support did not have any impact on the infrastructure budget allocations of tens of thousands of businesses and so Server 2003 remained in use.  Security researchers spotted an attack last year which exploits a vulnerability in IIS WebDAV which will allow a buffer overflow attack to succeed.  Predictably Microsoft's answer is that you should buy a brand new server OS, with hardware upgrade costs likely to be required as well.  Thankfully there is a patch available from a third party, which you can check out over at The Register

It is a dream, but perhaps this might convince some bean counters that an infrastructure upgrade might be a reasonable investment.

"Microsoft will not patch a critical security hole recently found and exploited in IIS 6 on Windows Server 2003 R2 – the operating system it stopped supporting roughly two years ago."

Here is some more Tech News from around the web:

Tech Talk