Microsoft: Cyber-crooks exploiting unpatched IIS bug
- 07 September, 2009 07:08
- Comments
Microsoft says that cyber-criminals are starting to exploit an unpatched bug in its IIS server software that was made public earlier this week.
The flaw can be exploited to let an attacker take control of an older IIS (Internet Information Services) 5.0 server running on Windows 2000, provided the hacker has some way of creating an FTP (File Transfer Protocol) directory on the server. Attack code that exploits the bug was posted Monday.
Other IIS users could also be hit with a denial of service (DoS) attack, thanks to a second attack, posted to the Milw0rm Web site on Thursday.
This new code could be used to launch a DoS attack against IIS 5.0, 5.1, 6.0 and 7.0, and could affect users running IIS on Windows XP and Windows Server 2003, Microsoft said. For the attack to work, however, the server needs to be running the FTP service, and the attacker must be able to read files on the system.
Microsoft updated its security advisory on the issue late Thursday, saying it was starting to see "limited attacks that use this exploit code."
That generally means that only a handful of attacks have been spotted. Other security vendors contacted Friday said they had not seen the IIS bug being used in attacks.
Microsoft will release its scheduled September security updates on Tuesday, but it is not expected to fix this bug until it has had more time to test and develop a patch. Microsoft was not notified of the bug until the attack code was made public on Monday.
"The initial vulnerability was not responsibly disclosed to Microsoft, which has led to limited, active attacks putting customers at risk," Microsoft said in a Thursday blog posting.
Microsoft didn't say whether the attacks it had seen involved installing malicious software on an IIS server or simply making it crash. The company did not respond to a request for more information on the subject.
- Bookmark this page
- Share this article
- Got more on this story? Email TechWorld
- Follow TechWorld on twitter
- Microsoft IIS 5.0 FTP Server Remote Stack Overflow Exploit (win2k sp4)
- Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service
- Microsoft Security Advisory (975191): Vulnerability in Internet Information Services FTP Service Could Allow for Remote Code Execution
- The Microsoft Security Response Center (MSRC) : Microsoft Security Advisory 975191 Revised
- Eliminating Tape
- Seven Steps to Effective Data Governance
- Optimizing Data Quality in the Enterprise - How to Tackle Your Bad Information
- Developing an Information Strategy - Strategize, Align, Govern, Execute, and Optimize
- Virtualisation and Cloud Computing: Optimised Power, Cooling, and Management Maximises Benefits
-
Coalition NBN better or worse?
-
CSIRO develops hands-free technology for mining repairs
-
Broadband Forum to improve IPTV performance with new spec
-
Amazon Web Services moves backups to cloud with new appliance
-
Callforfree.net.au offers free calls to 70 countries
-
Windows 7 for Dummies® Dvd+book Bundle
-
Computers for Seniors for Dummies, 2nd Edition
-
Teach Yourself Visually Windows 7
-
Microsoft Office
-
Windows 7 for Dummies®
-
Office 2007 All-In-One Desk Reference for Dummies
-
MYOB Software for Dummies 6E Australian Edition
-
Windows 7 for Seniors for Dummies®
-
Excel 2007 All-In-One Desk Reference for Dummies
Comments
Post new comment