Article

Microsoft issues IIS FTP advisory, exploit code circulates

SearchSecurity.com Staff

Microsoft issued an advisory this week warning customers of a serious vulnerability in Microsoft Internet Information Services (IIS) and the availability of exploit code circulating that could enable an attacker to exploit

    Requires Free Membership to View

the flaw.

The flaw affects Microsoft IIS version 5.0, 5.1 and 6.0, leaving the Web server vulnerable to an FTP attack. Bruce Dang and Jonathan Ness, of the Microsoft Security Response Center detailed the flaw in a blog entry, calling it a "stack overflow in the FTP service when listing a long, specially-crafted directory name."

"If an attacker were able to successfully exploit this vulnerability, they could execute code in the context of LocalSystem, the service under which the FTP service runs," the researchers said of the IIS FTP flaw in the Security Research and Defense blog.

If the IIS is configured to enable anonymous users to have write access, the attacker would not have to be authenticated to pull off the attack, Microsoft said.

Microsoft is working on a patch and expects to release it once it "reaches an appropriate level of quality for broad distribution." In the meantime, companies can deploy a workaround by modifying NTFS file system permissions to bar FTP users from creating directories.

The U.S. Computer Emergency Response Team (US-CERT) issued an advisory Monday warning that there was no practical solution to the problem. Danish vulnerability clearinghouse, Secunia gave the flaw a moderately critical rating.

Microsoft said the flaw was not reported responsibly. It was discovered by a security researcher who goes by the name "Kingcope." The exploit code began circulating on the the Milw0rm site on Monday.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: