I’ve received the ‘feed’ regarding the IIS vulnerability on the 23rd December, but due to busy (preparing for examination) week, the advisory for the vulnerability is still pending.
From my observation, IIS 7 and IIS 7.5 are not vulnerable to the bug.. I already have a few working workaround for the 0day and all of them will be compiled in my upcoming advisory.. soon.. 😛
** [Updated on Tue Dec 29 01:26:39 MYT 2009]
Done! Sent to webmaster. Waiting to be published
** [Updated on Tue Dec 29 21:33:20 MYT 2009]