Microsoft has confirmed the security hole in its IIS web server, but hasn't disclosed which versions of the product are affected. According to the finder of the "semi-colon bug", versions up to and including version 6 are vulnerable. The hole allows attackers, for instance, to camouflage executable ASP files as harmless JPEG files and upload malicious code to a server.Microsoft confirms IIS hole - The H Security: News and Features
Well thanks. Something is wrong with one of the IIS, but we can't know which one yet.
Luck for us we can get better information
Secunia has confirmed the vulnerability “on a fully patched Windows Server 2003 R2 SP2 running Microsoft IIS version 6. Other versions may also be affected”.
Secunia has confirmed the vulnerability
Looks like a serious bug with he standard configuration of Windows Server. Probably good reason to move to Window 2008 Server with IIS 7, but I have not been able to confirm that this is NOT impacted as well.
Blogged with the Flock Browser