Microsoft has confirmed officially a zero-day security vulnerability affecting Internet Information Services (IIS). The security hole was initially reported just ahead of Christmas on December 23rd, and the Redmond company provided the first response at the end of the past week. So far, the issue in question affects version 6 of IIS on a fully patched Windows Server 2003 R2 SP2; however, additional IIS releases might also be impacted. Jerry Bryant, Microsoft security program manager, notes that Microsoft is aware of the problem and that investigation into the matter has already been kicked off. At the same time, Bryant assured customers running IIS that it hasn’t detected any active attacks in the wild targeting the new 0-day flaw.

“Our initial assessment shows that the IIS web server must be in a non-default, unsafe configuration in order to be vulnerable. An attacker would have to be authenticated and have write access to a directory on the web server with execute permissions which does not align with best practices or guidance Microsoft provides for secure server configuration. Customers using out of the box configurations and who follow security best practices are at reduced risk of being impacted by issues like this,” Bryant explained.

The vulnerability identified in Microsoft… (read more)

Steps To Remove Spyware

Microsoft Confirms 0-Day IIS Security Vulnerability

(Please Bookmark this page and take a printout before performing the steps)(# If you are unable to run the given Spyware removal tools, please Rename the Spyware removal tools file name to iexplorer.exe while saving it and then run it)

1. Restart your computer. As your computer restarts but before Windows launches, tap "F8" key constantly. Use the arrow keys to highlight the "Safe Mode with Networking" option and then press ENTER.

2. Open Internet Explorer >> Click on Tools >> Click on Internet Options >> In the the Internet Options window click on the Connections tab >> Then click on the LAN settings button >> Now you will see Local Area Network (LAN) settings window >> Uncheck the checkbox labeled "Use a proxy server for your LAN" under the Proxy Server section and press OK.

3. Download and Run SmitfraudFix

# Run SmitfraudFix.exe and select the option 2 and follow the on screen instructions. Then select the option 5 and continue. Then Exit.

4. Download and Run Malwarebytes' AntiMalware.