MS accepts there is an inconsistency in how IIS 6 handles semicolons in its IISURLs, but it denies that this lends itself to hacking attacks. Babuk Locker s encryption mechanisms and abuse of Windows Restart Manager sets it apart. Read the full article in The Register, which includes a look back at what was hot with readers. The Register looks back at the security stories that were most top-of-mind for security professionals and consumers in 2014.
Source: https://threatpost.com/microsoft-downplays-zero-day-iis-issue-123009/73311/