Public exploits available
This is an issue in Microsoft Internet Information Services (IIS) which enables a user to upload a malicious file when served with a specially crafted malicious URL. Note that IIS must be in a non-default, unsafe configuration for this issue to occur.
Due to non-default, unsafe configuration the attacker can upload malicious files to the server.
This is a security bypass issue in Microsoft Internet Information Services (IIS) while handling file names which contain multiple extensions. Note that IIS must be in a non-default, unsafe configuration for this issue to occur.
All applications not on the affected list.
No known solution at this time.
No known false positives at this time.
Restrict write access permissions for the IUSR_computername account. This will help limit the access anonymous users have to your computer.
Store executable files in a separate directory. This makes it easier to assign access permissions and audit for administrators.
Create a group for all anonymous user accounts. You can deny access permissions to resources based on this group membership.
Deny execute permissions for anonymous users to all executables in Windows directories and subdirectories.
Use IP address restriction if administering IIS remotely. For more information, see Securing Sites with IP Address Restrictions.