PT-2017-1601 · Microsoft · Windows RT +9

Published: 2017-03-14 · Updated: 2017-07-12 · CVE-2017-0055

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016

Description: The issue allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request. This is due to the lack of protection measures for the web page structure, which can be exploited by a remote attacker to gain information about the integration platform and operating system using a specially crafted request. An elevation-of-privilege vulnerability allows attackers to affect the system.

Recommendations: For Windows Vista SP2, Windows Server 2008 SP2 and R2, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016, consider disabling the vulnerable functionality until a patch is available. As a temporary workaround, restrict access to the system to minimize the risk of exploitation. Avoid using specially crafted requests in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2017-00746
CVE-2017-0055

Affected Products

Internet Information Server
Windows
Windows 10
Windows 7
Windows 8.1
Windows RT
Windows Server 2008
Windows Server 2012
Windows Server 2016
Windows Vista