MS Internet Information Services Security Feature Bypass Vulnerability (2982998) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS14-076.

Impact

Successful exploitation will allow remote attackers to bypass certain security restrictions. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/library/security/MS14-076

Insight

The flaw is due to an error within the Microsoft Internet Information Services (IIS) component.

Affected

Microsoft Internet Information Services 8.0/8.5 on Microsoft Windows 8 x32/x64 and Microsoft Windows 8.1 x32/x64 Edition

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://secunia.com/advisories/60354
https://support.microsoft.com/kb/2982998
https://technet.microsoft.com/library/security/MS14-076

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-4078

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
Microsoft Kerberos Denial of Service Vulnerability (977290)
Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517)
Microsoft Windows Active Directory Denial of Service Vulnerability (2853587)
Microsoft .NET Framework Information Disclosure Vulnerability (2567951)

Take action and discover your vulnerabilities