Home / bulletins MS09-020 - Important: Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) - Version:1.0
Posted on 15 June 2009
There is an newer version: MS09-020 - Version: 1.1
ImportantSeverity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs.
Other versions
- MS09-020 - Version: 1.0
- MS09-020 - Version: 1.1
- MS09-020 - Version: 1.1
