Microsoft issues IIS FTP advisory, exploit code circulates

Exploit code is circulating for the FTP zero-day flaw in Microsoft IIS Web server.

Microsoft issued an advisory this week warning customers of a serious vulnerability in Microsoft Internet Information Services (IIS) and the availability of exploit code circulating that could enable an attacker to exploit the flaw.

The flaw affects Microsoft IIS version 5.0, 5.1 and 6.0, leaving the Web server vulnerable to an FTP attack. Bruce Dang and Jonathan Ness, of the Microsoft Security Response Center detailed the flaw in a blog entry, calling it a "stack overflow in the FTP service when listing a long, specially-crafted directory name."

"If an attacker were able to successfully exploit this vulnerability, they could execute code in the context of LocalSystem, the service under which the FTP service runs," the researchers said of the IIS FTP flaw in the Security Research and Defense blog.

If the IIS is configured to enable anonymous users to have write access, the attacker would not have to be authenticated to pull off the attack, Microsoft said.

Microsoft is working on a patch and expects to release it once it "reaches an appropriate level of quality for broad distribution." In the meantime, companies can deploy a workaround by modifying NTFS file system permissions to bar FTP users from creating directories.

The U.S. Computer Emergency Response Team (US-CERT) issued an advisory Monday warning that there was no practical solution to the problem. Danish vulnerability clearinghouse, Secunia gave the flaw a moderately critical rating.

Microsoft said the flaw was not reported responsibly. It was discovered by a security researcher who goes by the name "Kingcope." The exploit code began circulating on the the Milw0rm site on Monday.

Dig deeper on Web Server Threats and Countermeasures

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close