Unpatched IIS Flaw Being Exploited

    September 4, 2009 • Blog

    Are you running IIS? If so, you should be aware of an exploit currently being used by attackers in the wild.

    The exploit primarily affects older versions of IIS. The initial exploit code targets IIS 5.0 running on Windows 2000 and could allow the attacker to take complete control of the IIS server. Newer exploit code was subsequently released which affects IIS 5.0, 5.1, 6.0 and 7.0, and could affect users running IIS on Windows XP and Windows Server 2003. The newer exploit code results in a DoS (denial-of-service).

    Both attacks require that the IIS server is also running FTP and that the attacker has some access that allows writing to the server. Microsoft will be releasing the September Security Bulletins this coming Tuesday, but this threat is just emerging and a fix for it is not expected to be included among the regularly scheduled patches this month.

    Microsoft has issued a Security Advisory related to these attacks which includes mitigating factors and workarounds you can use to protect your IIS server pending a more permanent fix from Microsoft.

    About

    Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644), Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com