Unpatched flaw could take down Microsoft's IIS server

A hacker has posted code that could be used to install unauthorized software on some versions of the server

Robert McMillan (IDG News Service)
01 September, 2009 08:19
Comments

A hacker has posted code that could be used to take over a system running Microsoft IIS (Internet Information Services) server.

The software, which was posted to the Milw0rm Web site on Monday, could be a big problem for some webmasters, however the attack appears to work only on older versions of Microsoft's products. It was not immediately clear how many versions of Microsoft's products are vulnerable to the attack, and Microsoft did not immediately respond to requests for more information on the issue.

The flaw lies in the File Transfer Protocol (FTP) software used by IIS to move large files around the Internet, so the victim would have to have FTP enabled in order to be vulnerable to the attack. According to the Milw0rm post, an attacker could use this code to install unauthorized software on the server.

According to the Milw0rm poster, the code works on Microsoft's decade-old Windows 2000 operating system, while running the older IIS 5.0 server. For the attack to work, the hacker would also need to be able to create a directory on the server, security experts say.

Other versions of IIS are also at risk, according to Thierry Zoller, an independent researcher who has studied the issue. However, newer versions of Microsoft's operating systems have features that make it less serious, he added via instant message.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: Microsoft

References show all

Microsoft IIS 5.0/6.0 FTP Server Remote Stack Overflow Exploit (win2k)

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Staying Secure and Preventing Data Leaks in a Cloud-obsessed World

If your organisation is to benefit from this explosive growth, it needs to be able to exploit all that the cloud has to offer. But at the same time, it is vital to protect your company’s employees, networks, data and reputation from the risks that exist in the cloud.

Featured Download

HandBrake

HandBrake is an opensource tool that allows you to backup your DVDs so that you can store and watch them on your computer. Features include: ...

Zones

Most Popular Whitepapers

Process-Driven Master Data Management for Dummies

We wrote this book to introduce you to the subject of processdriven MDM. It’s a big topic, one that far outstrips the ability of a brief book to cover. However, our hope is that by reading this book you will gain a fundamental understanding of processdriven MDM, how it works, and what it takes to make it a success in your organisation.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management

Latest Jobs

FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
CCSAP PM ConsultantNSW
FTSenior Citrix EngineerNSW
FTProduct Manager Strategist - Enterprise ApplicationsNSW
CCAvaya Engineer - ERS 8600 4.1NSW
CCOBIEE ConsultantWA
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
FTSenior Citrix EngineerNSW
FTSAP Basis ConsultantNSW
FTTechnical Services Engineer - ShoreTel/MitelVIC
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
FTSenior Network Engineer - Cisco / Nexus / UCS / - Routing / Switching / WirelessNSW
CCSAP FICO ConsultantNT
FTQM Trainer and ConsultantNSW
FTSAP Basis ConsultantACT
CCSystem Engineer - Exchange - CONTRACTSWA
FTChange Management ProfessionalsNSW
CCSystem Engineer - Lync and Exchange - CONTRACTSWA
FTiPhone Developer DeveloperNSW
FTiPhone App DeveloperNSW
CCPC Relocation Technicians - Multiple Roles availableSA
FTiPhone App DeveloperNSW
FTIT Service Desk EngineerNSW
FTIT Service Desk EngineerNSW
FTiPhone App DeveloperNSW

Market Place

Unpatched flaw could take down Microsoft's IIS server

Comments

Post new comment

Windows 8 update: all the latest rumours, opinions and possibilities

Coalition NBN better or worse?

A comparison of Telstra's 4G phones

Which tablet should I buy? iPad 2 vs Sony Tablet S

Bredolab botnet author sentenced to 4 years in prison in Armenia

NBN ISS could pose capacity constraints

NBN service plans won't cost consumers more: Conroy

Microsoft at a loss over Event Viewer scam

Stallman: If you want freedom don't follow Linus Torvalds

Conroy turns the attack to Hockey

CeBIT 2012: Will NBN speed up freight delivery times?

Staying Secure and Preventing Data Leaks in a Cloud-obsessed World

Business Process Management, Service-Oriented Architecture, and Web 2.0: Business Transformation or Train Wreck?

SOA Best Practices and Design Patterns

Enterprise Buyers Guide for Tablets

HandBrake

Avaya Air Cover Zone

Application Lifecycle Management

HP Converged Storage Zone

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Process-Driven Master Data Management for Dummies

Business Intelligence Best Practices for Dashboard Design

Learning To Compete: IT’s Next Transformation

Seven Steps to Effective Data Governance

Guidance for Calculation of Efficiency (PUE) in Data Centers

Computerworld newsletter

Don't have an account?

Unpatched flaw could take down Microsoft's IIS server

Comments

Post new comment

Computerworld newsletter