Vulnerability Protection

Vulnerability in Microsoft IIS Server Could Allow Escalation of Privilege

Details

Report ID:

MS20170311

Date Published:

15 March 2017

Date Revised:

Criticality:

Important

Compromise Type:

Escalation of privilege

Compromise From:

Remote

Affected Product/Component:

Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT 8.1
Windows 10
Windows Server 2016

Summary

A vulnerability in the Microsoft Internet Information Services (IIS) Server could be exploited to allow an attacker to gain escalated privileges on an affected system.

Detailed Description

Microsoft has released a security update to address a reported vulnerability in the Microsoft Internet Information Services (IIS) Server. The vulnerability was caused by improper sanitization of a specially crafted request, and it could be exploited to carry out cross-site scripting attacks on affected systems. The latest security update fixes this issue by correcting the way that Microsoft IIS sanitizes web requests.

CVE Reference

CVE-2017-0055

Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/library/security/MS17-016

Source

Microsoft Security Bulletin MS17-016