MS Internet Information Services Security Feature Bypass Vulnerability (2982998) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS14-076.

Impact

Successful exploitation will allow remote attackers to bypass certain security restrictions. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/library/security/MS14-076

Insight

The flaw is due to an error within the Microsoft Internet Information Services (IIS) component.

Affected

Microsoft Internet Information Services 8.0/8.5 on Microsoft Windows 8 x32/x64 and Microsoft Windows 8.1 x32/x64 Edition

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://secunia.com/advisories/60354
https://support.microsoft.com/kb/2982998
https://technet.microsoft.com/library/security/MS14-076

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-4078
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft Office Shared Component Security Bypass Vulnerability (2905238)
Microsoft Group Policy Preferences Privilege Elevation Vulnerability (2962486)
Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
Microsoft MS03-034 security check
Microsoft FrontPage Information Disclosure Vulnerability (2825621)

Take action and discover your vulnerabilities