Sep 7, 2009

Hackers Exploit New IIS 5.0 Bug


Hackers are taking control of web servers following the public announcement of a bug in the older IIS 5.0 platform. Web servers running Windows 2000 Server with IIS 5.0 are susceptible to the exploit if they are also running the FTP service and the attacker has a way to create an FTP directory on the server (that is, write access to the FTP site, such as an anonymous account with create permission).
Other IIS users could be subjected to a Denial-of-Service (DoS) attack thanks to exploit code published on milw0rm.com. The same code could be used to launch a DoS attack against IIS 5.0, 5.1, 6.0 and 7.0, and could affect users running IIS on Windows XP and Windows Server 2003, Microsoft said. For that attack to work, however, the server must still be running the FTP service, and the attacker must be able to read files through it, a lower bar than the directory-creation right the code-execution case needs.
Microsoft updated its security advisory on the issue late Thursday, saying it was starting to see "limited attacks that use this exploit code."

Microsoft will release its scheduled September security updates on Tuesday, but it is not expected to fix this bug until it has had more time to test and develop a patch. Microsoft was not notified of the bug until the attack code was made public on Monday.

"The initial vulnerability was not responsibly disclosed to Microsoft, which has led to limited, active attacks putting customers at risk," Microsoft said in a Thursday blog posting.

Microsoft didn't say whether the attacks it had seen involved installing malicious software on an IIS server or simply making it crash.

Such attacks can be prevented by keeping the web server behind a firewall that blocks inbound FTP and by disabling the FTP service wherever it is not needed. Where FTP must stay up, the preconditions above are the lever: the code-execution variant needs an account that can create directories and the DoS variant needs one that can read files, so removing anonymous and untrusted write (and, if possible, read) access to the FTP site closes off both until a patch ships.
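The two preconditions the article names (an FTP login that can create directories for the code-execution case, one that can read files for the DoS case) are easy to check for yourself. The script below is an added example, not code from the article or from the published exploit: it logs in, tries a listing and a directory creation, and reports which precondition is met. It sends only ordinary FTP commands and never the malformed request that triggers the bug. The probe directory name, the anonymous password, and the `FakeFtp` class that stands in for a live server so the script runs offline are all constructed for the example.

```python
"""Check whether an FTP server exposes the preconditions for the IIS FTP bug:
anonymous login, file listing (read), and directory creation (write).
This is an exposure check only; it does not send the exploit."""
import ftplib
from dataclasses import dataclass

# Assumption: a harmless directory name that does not clash with real content.
PROBE_DIR = "zz_ftp_probe_delete_me"


@dataclass
class Exposure:
    anonymous_login: bool
    can_list: bool
    can_mkd: bool

    @property
    def verdict(self) -> str:
        if not self.anonymous_login:
            return "anonymous login refused: no unauthenticated foothold"
        if self.can_mkd:
            return "anonymous users can create directories: code-execution precondition met"
        if self.can_list:
            return "anonymous users can list files: denial-of-service precondition met"
        return "anonymous login allowed but no list or create rights observed"


def assess(ftp, user="anonymous", passwd="probe@example.com") -> Exposure:
    """ftp is an ftplib.FTP (or anything with its login/nlst/mkd/rmd methods)."""
    try:
        ftp.login(user, passwd)
    except ftplib.error_perm:
        return Exposure(False, False, False)

    can_list = True
    try:
        ftp.nlst()                      # NLST: does the account get a listing?
    except ftplib.error_perm:
        can_list = False

    can_mkd = False
    try:
        ftp.mkd(PROBE_DIR)              # MKD: can the account create a directory?
        can_mkd = True
        try:
            ftp.rmd(PROBE_DIR)          # clean up; report the write even if this fails
        except ftplib.error_perm:
            pass
    except ftplib.error_perm:
        pass
    return Exposure(True, can_list, can_mkd)


def assess_host(host: str, port: int = 21, timeout: int = 10) -> Exposure:
    """Live check against a server you are authorised to test."""
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        return assess(ftp)
    finally:
        try:
            ftp.quit()
        except Exception:
            ftp.close()


class FakeFtp:
    """Constructed stand-in for ftplib.FTP so the probe runs offline.
    Flags model the server's anonymous-access configuration."""

    def __init__(self, allow_anon=True, allow_list=True, allow_mkd=True):
        self.allow_anon, self.allow_list, self.allow_mkd = allow_anon, allow_list, allow_mkd
        self.dirs = set()

    def login(self, user, passwd):
        if user != "anonymous" or not self.allow_anon:
            raise ftplib.error_perm("530 User cannot log in.")
        return "230 Anonymous user logged in."

    def nlst(self, *args):
        if not self.allow_list:
            raise ftplib.error_perm("550 Access is denied.")
        return ["default.htm", "robots.txt"]

    def mkd(self, path):
        if not self.allow_mkd:
            raise ftplib.error_perm("550 Access is denied.")
        self.dirs.add(path)
        return path

    def rmd(self, path):
        self.dirs.discard(path)
        return "250 RMD command successful."


if __name__ == "__main__":
    for cfg in ({}, {"allow_mkd": False}, {"allow_list": False, "allow_mkd": False},
                {"allow_anon": False}):
        print(f"{cfg or 'defaults'}: {assess(FakeFtp(**cfg)).verdict}")
```

Against a real host, call `assess_host("ftp.example.internal")` from a machine that is allowed to reach port 21; a server that refuses anonymous login or refuses `MKD` for every untrusted account has closed the precondition the code-execution attack depends on, and one that also refuses listings has closed the DoS precondition too.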
