MS Internet Information Services Security Feature Bypass Vulnerability (2982998) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS14-076.

Impact

Successful exploitation will allow remote attackers to bypass certain security restrictions. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/library/security/MS14-076

Insight

The flaw is due to an error within the Microsoft Internet Information Services (IIS) component.

Affected

Microsoft Internet Information Services 8.0/8.5 on Microsoft Windows 8 x32/x64 and Microsoft Windows 8.1 x32/x64 Edition

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://secunia.com/advisories/60354
https://support.microsoft.com/kb/2982998
https://technet.microsoft.com/library/security/MS14-076

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-4078

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft InfoPath HTML Sanitisation Component XSS Vulnerability (2821818)
Microsoft Report Viewer Information Disclosure Vulnerability (2578230)
Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517)
Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
Microsoft FrontPage Information Disclosure Vulnerability (2825621)

Take action and discover your vulnerabilities