| The name of the base system (platform): | Windows NT |
| Developers: | Microsoft |
| Last Release Date: | 2019/02 |
| Technology: | Corporate Portals |
Content |
2022: Kaspersky Lab discovered a difficult-to-detect SessionManager backdoor
Experts Kaspersky Lab"" discovered a difficult-to-detect SessionManager backdoor. It allows you to access corporate To IT infrastructure and perform a wide range of malicious actions: read corporate, mail distribute harmful ON and remotely manage infected people. Kasperskog servers Lab announced this on July 1, 2022. Loiters introduce malware remotely in the form of a module for IIS. Microsoft More. here
2019: Fix the vulnerability
On February 21, 2019, it became known that the company Microsoft had fixed a vulnerability in its technology for web-Internet servers Information Services (IIS) that could be disabled. With computer its help, an attacker can cause a 100% load, of the central processor forcing IIS to process a specially formed/2 request, and HTTP thereby provoke a denial of service.
In a notification to Microsoft, in certain circumstances, when processing HTTP/2, a set of IIS servers loads the CPU 100% and can cause a slowdown, or even a complete shutdown of the computer.
The problem was discovered by F5 Networks specialist Gal Goldshtein. As of February 2019, there are no other descriptions of the vulnerability besides the official notification of Microsoft. As specified in the notification, the HTTP/2 specification allows the client to set any number of SETTINGS frames with any number of SETTINGS parameters. In some cases, too many SETTINGS can make services unstable and cause a temporary spike in CPU load until the connection time expires.
Microsoft fixed the problem by implementing the ability to set a limit on the number of SETTINGS parameters in the HTTP/2 request that IIS is able to process. The vulnerability was fixed this week with the release of KB4487006, KB4487011, KB4487021 and KB4487029 updates. The limit on the number of SETTINGS parameters is not preinstalled, and after deploying patches, system administrators must install it themselves[1].
2010
A set of servers for multiple Internet services from Microsoft. IIS is distributed with Windows NT operating systems.
As of August 2010, the main component of IIS is a web server that allows you to host sites on the Internet. IIS supports HTTP, HTTPS, FTP, POP3, [[SMTP Simple Mail Transfer Protocol |SMTP]], NNTP.
Notes
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |