Antivirus Advice for Computer Protection on the Internet




Microsoft Internet Information Services (IIS) WebDAV Request Vulnerability

US-CERT is aware of public reports of a vulnerability affecting Microsoft Internet Information Services 6 (IIS6). Reports indicate that this vulnerability is due to improper handling of Unicode tokens. Exploitation of this vulnerability may allow a remote attacker to bypass authentication methods, allowing an attacker to upload files to a WebDAV folder or obtain sensitive information. US-CERT is also aware of publicly available exploit code and active exploitation of this vulnerability.

US-CERT encourages users to implement the following workaround to help mitigate the risks until a patch or update is available from the vendor:

Disable WebDAV. Administrators who are unable to disable WebDAV may be able to mitigate some risk by configuring their IDS to refuse external HTTP requests containing "Translate: f" headers. Please note that disabling WebDAV may affect the functionality of other applications such as SharePoint.
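
The filtering check described in the workaround, written out in Python as an added example (it is not part of the US-CERT text or of any vendor tool): it flags requests that arrive from outside the site's own networks and carry a "Translate: f" header, matching the header name and value case-insensitively. The internal address ranges, function names and sample requests are constructed assumptions.

```python
import ipaddress

# Assumption: ranges treated as "internal"; replace with the site's own networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_external(src_ip):
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in net for net in INTERNAL_NETS)

def parse_headers(raw_request):
    """Return [(lowercased name, value), ...] from the head of a raw HTTP request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    headers = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        if line[:1] in (b" ", b"\t") and headers:
            # Obsolete line folding: this line continues the previous header value.
            name, value = headers[-1]
            headers[-1] = (name, (value + " " + line.strip().decode("latin-1")).strip())
            continue
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip().decode("latin-1").lower(),
                            value.strip().decode("latin-1")))
    return headers

def should_refuse(src_ip, raw_request):
    """True when an external request carries a Translate header whose value is 'f'."""
    translate_f = any(n == "translate" and v.lower() == "f"
                      for n, v in parse_headers(raw_request))
    return is_external(src_ip) and translate_f

# Constructed sample requests (documentation addresses and host names).
SAMPLES = [
    ("203.0.113.7", b"GET /docs/report.doc HTTP/1.1\r\nHost: www.example.test\r\nTranslate: f\r\n\r\n"),
    ("203.0.113.7", b"GET /index.htm HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
    ("192.168.1.20", b"PROPFIND /docs/ HTTP/1.1\r\nHost: intranet.example.test\r\ntranslate:F\r\n\r\n"),
    ("198.51.100.9", b"GET /a HTTP/1.1\r\nHost: www.example.test\r\nTRANSLATE:\r\n f\r\n\r\n"),
]

def scan(samples):
    return [should_refuse(ip, req) for ip, req in samples]

if __name__ == "__main__":
    for (ip, req), verdict in zip(SAMPLES, scan(SAMPLES)):
        print(ip, req.split(b"\r\n")[0].decode(), "REFUSE" if verdict else "allow")
```

The internal request in the third sample is allowed even though it carries the header, since the workaround targets external requests only.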

US-CERT will provide additional information as it becomes available.

Read more: US-CERT Current Activity

 






