Feeds

New IIS attacks (greatly) expand number of vulnerable servers

Microsoft's webserver even easier to exploit

5 things you didn’t know about cloud backup

Attackers have begun actively targeting an unpatched hole in Microsoft's Internet Information Services webserver using new exploit code that greatly expands the number of systems that are vulnerable to the bug.

In an updated advisory published Friday, Microsoft researchers said they are seeing "limited attacks" exploiting the vulnerability, which resides in a file transfer protocol component of IIS. Exploit code publicly released in the past 24 hours is now able to cause vulnerable servers to crash even when users don't have the ability to create their own directories.

That means the bug, for which there is no patch, is easier to exploit than previously thought. In an earlier advisory, Microsoft said attacks only worked when untrusted users had write access to directories. For the moment, Microsoft continues to say that IIS5 running on Windows 2000 appears to be the only version that is vulnerable to attacks that can remotely execute malicious code on an underlying server. But it's now clear that hackers can target every version of IIS to cause denial-of-service attacks.

Microsoft said Thursday that it planned to issue five security updates for next week's Patch Tuesday. None of the affected software listed in the limited disclosure included IIS, so users shouldn't expect a fix then. Microsoft has said only that it plans to issue a patch as soon as one is ready.

In the meantime, IIS users should follow workarounds that include turning off FTP if it's not needed (in more recent versions it's disabled by default), or at the very least, blocking FTP access to unauthenticated users.

The bug is exploited by listing directories with specially manipulated names that trigger a buffer stack overflow in the application. The new exploit code is able to cause IIS6 systems to crash, but Microsoft makes no mention those systems can be further compromised. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.