Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft Warns IIS Vulnerability Is Under Attack



 By: Brian Prince
2009-09-04
Article Rating:starstarstarstarstar / 4


There are 1 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Microsoft reports that a zero-day vulnerability in Internet Information Services is now the subject of limited attacks. Exploit code for the IIS vulnerability is known to have been circulating publicly for the past several days.

Microsoft officials are reporting limited attacks targeting a zero-day vulnerability in the FTP service in Internet Information Services.

The IIS vulnerability warning follows the release of new exploit code that can be used to create a DoS (denial of service) condition on Windows XP and Windows Server 2003 without requiring Write access. Also, a new proof of concept allowing a DoS was disclosed Sept. 2 that affects FTP 6, which shipped with Windows Vista and Windows Server 2008.

Resource Library:

Microsoft first issued an advisory on the bug Sept. 1, a day after exploit code for the vulnerability was posted on Milw0rm. In addition to a DoS, if the bug is successfully exploited it can allow remotely authenticated users to execute arbitrary code via a crafted NLST command that uses wildcards.

"An attacker with access to FTP Service could use this vulnerability to cause a stack-based overrun that could allow execution of arbitrary code in the context of the LocalSystem account on systems running IIS 5.0, or denial of service on affected systems running IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0," Microsoft warned. "In configurations of FTP Service where anonymous authentication is allowed, the attacker need not be authenticated for exploitation to occur."

Microsoft stated Aug. 31 that a patch for the vulnerability is on the way. In the meantime, information on mitigations and workarounds has been made available. Microsoft advised administrators to modify NTFS (NT File System) permissions to disallow directory creation by FTP users and to disallow FTP write access to untrusted anonymous users. Users can also upgrade to FTP Service 7.5.

A fix for the vulnerability is not expected to be included in the Sept. 8 Patch Tuesday release.





  Reader Comments: Microsoft Warns IIS Vulnerability Under Attack
>>> Post your comment now!
Should we be surprised?
IIS has always been the most insecure web platform out there. This announcement comes as no surprise to me.
Posted At: 09-09-09
By: blarman
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}is㶲*Qމg5E=ҔlcؖI*EBc!)/˟_n?~M -yLIlKX@h4I"gnZ΄ܦdwÀ>]K$wB}wNUQV #7,(bP<HwO7n[Y0Ra᳙,Q :#:BPL5MΚMH]ٚ7'x2)X $8kzZ'jZ$l,P'w ZB'?*B4m$*oqT|:XQ=*2rНęO,}!*Ka'e%S5ExLԤ#|xB'gxdY (ƻfՉziZgdd vu(uɣ59N.N7߈ QR"jt0KQI 1u$/@Bs>o VQWB-r)ځVR\FZV@`F%pbQUrgSKbй;d9:=vN|bPk5Mz"1h gxk4X-:O/9ǽ>9]ΧQٝF4Aqgs j__[r\? mz g6~l M u ôW+ I-Gbw4|!j]~<<$ץ#Y>!_w nr@ i/]"{beQ S5fhXӀ?$eR2z&q, ߱n\S@`hoN\ hYKS7B u%u,5Hr Y@a)#8?S݇E pJq䨉k>ش 6,%̟hJyOM3XE U >hi,A[}N}W%M 1F|r+̤"`Q%-> 'LLlOyx!jY[V'jdamI՘iS_dxeޡ:I=x9&E;~C8^$glh|* ]ezbcZ7WZGTd~PJCU~X8ʕ85n!SGñA &s;,w~Ά(mNQ'}`|鎓JXI"|euDyqj.S+ԍEhn6H`Ni1[W mE9H_,}TaCkFYGI t"&qsк&o`1fàJ{t$4/fG`^@48`88ʬE!1y@!Xfsĵ[ݲeǀԜ{:0$w2J}#>] cRRR$S !I#r*B!l`@n% [AX rZ T:ʦBIg}znV}T[h+\KJAfkf(2{~4 cfBd '&Xr`Y \+|)l 6rij>д53[[uy=[Iڰ-cT#0q<3X9` ߽h t ڷI!VF13OD)sz@aex**#7T4?Ռy`OEڏa5=%ӻnR?ԝQԽƠ;BZSMs\'~r-ʭD֒e]G{_Fo6ʞy4 mVJ{g@y# lK kZԕ>%/E$$"Yu`}.EOb ҉0Z4:pR1Wl(`R5JȄm%kytW4E%X&`ܰ- : 9P87S~81P!^G'YzP?]|:'}=r=Cg4#p:yz 2DM A1ҧh xZWS<`m1Lx>x# d6, ,[b)C.Wݡk?tG[Qz%1щj*SaA3[6(T,a?79yê*?NՊRRiO9&"_Gƍ [d*ЧmPܱk]>fD&QڞV-B-g\npb Z*LgAqA04L\y5/|Vw6V0ܖnSOPa;;PqANl*IH qNIQ)kMXg"9oLI3 hȐ0ցq_HE"}[kppLU.)L0:Jj +,XT=;4f6tW߀’:lx"RBsM}=1* 2`t&RZUU+Zp*ϹoǼO h7IղAkJZ8~G;a&rn&5{G 27\' ׫UVj@8H3AI j;!5q#L6xLR)49~r`!gP5([hre$ $"zbJ+=< (V*UY.xqNL_~ۅ^kueAjdE6kJ~Zg779h 4@(+wNIIcg't>}{,&,{^z;At/} {@N;0^x;,5. XH݋οIWREӸo9!K Nbw}WszZ^+^6J; "/kU9 s}{!d};]f{ёҽN z֓! Rb p.DN*f3ڌ6NJ̓!X=80<VWf@ ;WX9x?ӱB3ZOUc>)|F A0?e2ﬨC> YZgō7"lSO+}2L:1D*rޞS)ZB {rϽt1ݻQLw)tLe~=m32lC%ܟ1KL)gdJD/ =)!jښI4g"8J542 eI? U'0㓄PV Ywɂ/#5=۴< /.غmDrF3gm\&( q0Ϣ@)Rp[0#Ţ鳁Ѫ}+ ŏyZc:M $"ONjX._TĎ{3 >#]([w3vxNd\Q:YZ1?n_Z7Shta_9b|;t3'5L;hF/@&nL xV='hs .1ocm:;x@VBP$w"BZ("Wk zc촫BR͠y{`o&|(Yz$AC~kM}\A7~{vv߶bO07+۝l9nimơ85 Nl"$$EUՊZFr,U3$]e_oNe Vt 0M3}9JfYҼ4iɜAx7B_7nC\pb](~5?~eܰ+w= =z ;,r+"JqmԈ@jhej,I-r`UozH^8ڈڽ]cg[DL;*t'x||ng Om?a"Krc[}]MA U hCjΌ {g 0G {*yx\v]w71&pQx666y) hTRV`.lf8w ֍N( 6V8eOWc#ޚU>9dKAoa\3d^'z<‰/ϐ>t-b꣋=P-6+/EI cQ`Vށ e(=II4`Guy?dV>5 fw2d@“^k mQ-s?FRNh=}I-M(]BpAWAgaJF- * w]n!;i2PI ܑ: )/ \;]1'QpcgKzg[qŘK?v:'IMPTF_'/|.5uY%G 7TI?yF ]Uk{ ‚ J] x^P)55uߏ^BJ~PjT*ղR>0#cNdJ/":6/ߐQt ʡ  g" w(hgbG߬Kɽ`&c܇ ˁvs&IReeM㢦URSz]ŁJsoѤ\ʞuOm6,L~Zِ?j3NTUiQ)CL@[NVފm"gu0zbY:9KqQiu+X^-HrSP0 RB&2᷎@ IB"mPidTSrUgomAo /M!S4tK{>N]1@[zZ.Uԍ(R:uIYkb_8e!'WݒUERRcBRKm4 @Fh%?Jrr$ȊXK @V +˴9ZO-Zݔ/NoWG䣾tLg.^gkL&}۰ 3pSPJ9V,:@'_= )>Ak*IkWm!wa$\͍nR8`z a/UʰPrP'|J ^9Mֽ4"mVŷ*ؔʞN,XVӨEmZl"]TFk/kjY^h eHZW:\^ v4됵WQo@a21d-MTz)o_p\4+(bRl RY@ X)+]o,33330jM{A>/o):ZE<߽.qݯg,ҹiZ_ (>~;cpIX!I~F&/0b4==gؐ^H]gU2E%/V.t Y5rpK/-;" Z&ե֨53hP?+Q-񙁴Vo8?/oz[XQ7.%#AMX=!AA~=HmtH%6׉}4T{'lpvwCD;䐅 |%zP(k MЕSP(C4{KK) ]ms&GIX@ޙQ Iz*q; YJ8i= .*!4]4L`J#^[^͝&PY{m,M_SqY;6;7o0UHvjsm,㥙$=mZA+=V4aH mX[`cXg֚I;_<@VD[_[˯#+tҥworY7VB˭#5غ >{c~C2o@45kQY'@ZIHgsS8#g:X1,z gnGxx5j\DI` =EOaIv|wouv1H_-Spn]|@V_Ղ^_Fk>W-K "m{;pO/f}-G]bd@.h] #'3]v:M>kT60x8;I?`ƞ|To|ՊOZCuI%4&KufGOp\dE'y{@d>bQG)z5C[LA FoNtozo|ԛd?߿߉!?X3C ߉ɦ¢ZYtOΏ 2E! $BBlU<4N:@3{9"2uFQUrc[~R USv-6E%8 YêEP:8(=ʓhOBu~rmb/k}sdDq  YzBYiӶ ?5w1i}P2DO#{%1qe(#?fGs4V%Œ K"|SLZ}@ )q/1 Ň!\G "K&5\qey3ڴnj\sf61%Q>sjҭVSj~A0fَ.HQ,:+Ȓ~Wy=^^@֋wS+ nMt"rRIo$zTG)m4J$RM~Ÿ\ 6M}^SLx!Vy ?Lm =Ymz^CݶB[7=5US]^q=o7/ݛCWnVt%#[wnVF\X!Q:"&U䰍 ʼn4ޘqaaZw$v\ S DcޥEb}6K*Kl^dk3~p~5'5*>5BYvkbX<0%{dZ{cqȝGF^hRyG6]|5*:޺ 8Z<<}Q,mJ)A7P~O^ @xl; sXd7Mw=; zte2,e  ( 4zޞ+j_7$|tfs'B f;Q dJfWs>e3B[w^?qbS{#3r1#t⅝%'evsf0L|Ux[hhwQfg1q8 @ȩ莥rȁXJ1o1K9rlDY̪bu W17ZvM[#{ed5k):B"E TЍB9O͒;IP}3Y?d=a't2u?|{~BJ{=H~C#hMmãת|W:e|'O;ҹn,ZM1l>o7@\p{MI٫TvLJ/tX0+b#-#>Infi4F&3?ahgLN!CRY`Oi${M1]D]qYEc `N!(Vr=gs? >ZxX29k `k=Cۑ?ų0L(4&{l|֐T ]\VZAf.;#xtT$l.cꢻ".b,G\nX|I7o8gkH0jCB9Ҍ\W}0"{C~b #:́ nZ'AӂF$<"m~g~q79tS-i`Kk‚@r:!1wgII!5S"" /a9=g+bv`F7m/u +#zK?,P֏X Gώ3sاX,/}.HP,i@,F21 Ԓu7S+Im5: s``yPf0л;kLn3 lMT'Ig#|4B ŀ{Q.#fMQtV#?~Kg8{$:9Pq.3%LjG7sBG4_ Di~򍵮Ȉ@`!dBc J])(%R _3ʰLXU+[ʗ_ͪg2qͅJV J{AfA dh{߃J-T{$A% ͈u0՝!hV39]69tHa{9.aw}&ZGݪ;G'݋UbPhXx3fg&SE`9v9ssyρ>s<>G/r ?BiN? 9{3?9sw3=/=?ˑ/@9q /s_\OoCAC_ S^>S>>~sڿi:k$C%nN ps+aT /׀a uq߀yVU ?^`k9x 挿 {9;k?t/z}иCJW\/Yy* u!ȁЫ "%YØ/ܻCzʈnS" /\2A8i8(> g m`J?(X#ah0.: 7X[ZӇx';ZWueaPkqdm~8oCdxH$ωݕٝzÀ;}W](8xZLܸʂpkQ^ ="5-'`4k`eZ ㌰ևǫ3K &!Ybl!lx6k楢pJ!J41|FZgޣ8 a箨-gWxJ =su'а-t i7IղVJZ8~G;B$ô{)0#&4vX4*D`I>Cxt>`2?4UF` Ԋz!r1 4`ԭtK_+wp E OӉ/4;fSDW2F dy3 aw8a+h;r#;P`8؞.z^G,' w cȬb2V-kD2ypc l4ĝ=ri[Lb,!mނxxM&Z=*ȁJ=CY%G e(e L@纗v.LEUzqu'08,^bYd=!>(As˸ 2d jJrXuNdüfD`|!GACRhenY{?w/cC吠t#x6q,L҅F?[%mf9.w&a5qɷ6F\)">dq% f&vOn3 &`T$7&m :T#ZcQC͙PbՍPFĊ(1L=-iېܑM -!gP;xX20tgG|םe@@U]ݎ:3Oj@@zƶC ?}WŤsMd|1Q:༓ + S1>亂mKz=c,g~^Ky>oY:7?z=8L %/}XRbLIl7 @#׽~rh=)g5|\k֊<#!1苄I Mc Vj͙*u9wi!{?pFs?e83bsJߊJd(`^̀ԛjd%Aϐ\19#Ehq,Z#|F+3௚3qyU (p6d+D~"ڮ1=RRĺKlCt|nT8b~` [䕝$ŗ`<>lB*9"ZI7ςΌLT zʲ u{XqKN֒gƶ CBub".~9N?T~3)HbHI@>evEE`C0^|mD$u@' tlاTét|! C@_ܹeVhJm[)Ud2-1OĴ6 MX^ة;qV' 3>&rx{Kkώ{gSsB%^]8}nJ ]Ʒf2KGз57b8Z| xʍtf/A.stK 6[ '"u JmӬ9s¹">UXJَR h,8/ kl9Sw>E~b ȡȎlyI./՜GK@gmҕh_nQ7V0] 瑞c/1+8~mA=de,-Urcxd+Xf:PuEX!o+Ѡ7W%`/9H_s1S`: 1tVB(c4A U1?{cm'nFQXƺi#uTmeѩ&oߩo^SQ`[O_<.tc bۙFYa1 g'[yӯy~{##>gsxy| 2m^9FfB~eaԐDZͼ*;҆g'rQ\F$#00/y╔ul+m=GPX1+ NRQf7`F*)AuҰ·- xsmH"<-#{`qO| []r*N-Z7= KF = 哓"YCc3=|ל r7umr?{]9,L Ci>c10-BL+ IQE6;|,݈bZ"NDJүfrmu#{ [}f|GnԌnBuav~ L$Fw8# S;3b,/A,xrs*]_7;Nb‚әd_ydOɅ_YGlp/X]0N3ʓ@:iw>sJ{gFK'*O{(ƹ1$p:_};]%`֍{>Uű(jL긓 BrŇtA|g 6N|>Gy6=xTgMUj;IhdMn+:cSEᘸe=i(ziGmw9n~ h5J-? ۔̑5M\"Z/!xzP>gr*3dv'VMظM^3a-dFIkm]jRm+