Microsoft has acknowledged the existence of a vulnerability in Microsoft Internet Information Services (IIS).

"The IIS file parsing extension vulnerability can be executed by passing files with multiple extensions separated by a semi-colon," writes SearchSecurity.com's Robert Westervelt. "Proof-of-concept exploit code works on IIS 6 and prior versions."

"Microsoft engineers began researching the vulnerability when a new claim surfaced last week," Westervelt writes.

Click here to read the SearchSecurity.com story.