Microsoft officials are investigating reports of a zero-day bug affecting Microsoft Internet Information Services in response to the appearance of exploit code on the Internet.
The exploit, which targets a FTP server remote stack overflow, was published Aug. 31 on Milw0rm.com. According to US-CERT, the vulnerability may allow a remote attacker to execute arbitrary code. The code is listed as working on IIS 5.0 and 6.0 on Windows 2000, and affects IIS 6.0 with stack cookie protection.
“We’re currently unaware of any attacks trying to use the claimed vulnerability or of customer impact,” a Microsoft spokesperson said. “We will take steps to determine how customers can protect themselves should we confirm the vulnerability.
“Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.”
US-CERT suggested administrators disable anonymous write access to the FTP server to mitigate the vulnerability. Before doing so, however, admins should perform a thorough impact analysis, US-CERT advised.
