Posts

Showing posts from April, 2017

Weekly Infosec News Brief: 27 Mar-2 Apr 2017

Unpatched Vulnerability in Microsoft IIS 6.0 Web Services Announced

A serious vulnerability in Microsoft Internet Information Server (IIS) 6.0 was publicized last week when someone posted proof-of-concept exploit code to GitHub. The vulnerability was apparently already known to some hacker groups and has been exploited in attacks since last summer, but its existence was not well known and the ability to exploit it was not widespread. IIS 6.0 runs on Windows 2003 Server, which is no longer supported by Microsoft, so no patch for this flaw is expected to be released. Even so, hundreds of thousands of publicly accessible websites still run on IIS 6.0, so this is a serious issue.

Critical Vulnerability Discovered in IIS 6.0 Web Services

VMware Issues Patches for Critical VM-Escape Flaws in Multiple Products

Since virtual computing technology was popularized in the 2000s, the greatest security concern has been the possibility of "virtual machine escape," or