Security researcher Soroush Dalili has discovered a vulnerability in the most recent version of Microsoft's Internet Information Services.

"The bug stems from the way IIS parses file names with colons or semicolons in them... Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension '.asp,'" writes The Register's Dan Goodin. "By appending ';.jpg' or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware."

"A Microsoft spokeswoman said company researchers are investigating the report," Goodin writes.

Click here to read the story at The Register.