06.160.2009 - MS09-020 - Important: Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)

Bulletin Severity Rating:Important - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication. These vulnerabilities allow an attacker to bypass the IIS configuration that specifies which type of authentication is allowed, but not the file system-based access control list (ACL) check that verifies whether a file is accessible by a given user. Successful exploitation of these vulnerabilities would still restrict the attacker to the permissions granted to the anonymous user account by the file system ACLs. - View Microsoft Security Bulletin MS09-020 - View Microsoft Knowledge Base Article - 970483 - Visit Microsoft Corporation