Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Microsoft Security Response to IIS Software Vulnerability
Group 1
02/03/2014
The Microsoft Security Response Center (MSRC) works with partners and security
researchers around the world to help prevent security incidents and to advance Microsoft
product security. A known vulnerability with Microsoft’s Internet Information Server
software (IIS) has just been identified and confirmed by the Microsoft Security Response
Center. Microsoft has received information that black hat hackers are aware of this
vulnerability and intend to exploit it. Unless the vulnerability is addressed millions of users
of Microsoft’s IIS are at risk, along with the data of millions of other individuals. The risks
of not immediately addressing and resolving this threat would be devastating, and it could
also severely damage Microsoft’s reputation and affect its relationship with its
stakeholders. Some of the most critical concerns presented by the exploitation of this
vulnerability include:
Unauthorized access to the operating systems of millions of servers by black hat hackers.
· These unauthorized users would be able to reformat the servers’ hard drives, change or
modify website content, and steal data or install additional software on the machine.
· Microsoft’s reputation could easily be damaged if this vulnerability is not promptly
addressed and resolved.
In order to protect its users and help minimize or prevent this damage, Microsoft must
release a patch as soon as possible. It is essential that Microsoft follow through with a
thorough development and testing plan in order to release a patch that will resolve the
security threat and also pass full compatibility testing. Although this is an emergency
situation for Microsoft, the successful and rapid development of a patch can highlight
Microsoft’s capabilities and efficiencies in addressing known security vulnerabilities.
Microsoft should use this as an opportunity to convey to its shareholders and users how
dedicated Microsoft is to ensuring the quality and safety of its software. In order to
properly handle this situation, Microsoft must prioritize its next steps, and act immediately.
The primary objectives at this point would be to contact the IIS development team and get
them on the situation and to legitimize the security vulnerability.
Immediate Steps Necessary to Resolve IIS Software Vulnerability
1. Open a formal investigation of the software vulnerability immediately, obtain
information about possible security problems. An emergency timeline of five days should
be set for fully developing, testing, and releasing an initial patch. Further development and
testing may be needed to continue past this deadline in order to improve the patch and
