Microsoft faces a rash of zero-day vulnerabilities in some of its most important software, according to recent disclosures of unpatched bugs, including flaws in Windows XP, Internet Explorer and its flagship Web server.
Along with the unveiling of a vulnerability by a group of disgruntled security researchers who have dubbed themselves the Microsoft-Spurned Researcher Collective (MSRC), Microsoft has been served notice of at least three other flaws in the last few weeks.
Last Thursday, researcher Soroush Dalili published information about a vulnerability in Internet Information Services (IIS) , Microsoft's Web server software. According to Dalili, who works as an information security analyst in the gambling and casino industry, authentication in older editions of IIS can be bypassed, giving attackers a leg up in any assault on a companies Web server.
The bug can be exploited in IIS 5.1, but not the newer IIS 6, IIS 7 or IIS 7.5, said Dalili.