Attackers target Microsoft IIS; new SMB flaw discovered

By Robert Westervelt, News Editor 08 Sep 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Microsoft updated an advisory, warning customers that attacks have been detected against a zero-day flaw affecting its FTP Service in Microsoft Internet Information Services (IIS). Meanwhile, new exploit code surfaced last weekend, targeting a zero-day vulnerability in Microsoft Server Message Block (SMB).

The updated security advisory warns that limited, active attacks against the IIS FTP service have been detected. In addition, new proof of concept code was published allowing for denial-of-service (DoS) attacks on Windows XP and Windows Server 2003 with read access to the File Transfer Protocol (FTP) service.

Microsoft updates: Microsoft five critical updates won't include IIS: A patch repairing a critical zero-day flaw in Microsoft's IIS Web server will not be ready in time for Patch Tuesday, the software giant said. Unpatched vulnerability discovered in Microsoft SQL Server: Database security vendor Sentrigo today released some detail about a flaw discovered a year ago in Microsoft SQL Server that exposes passwords stored in memory as cleartext.

Exploit code targeting the FTP vulnerability in the Web server began circulating on the Milw0rm site last week. Microsoft warned that while a patch is being tested, it's unlikely it will be released in time for the monthly Patch Tuesday updates.

As a workaround, customers can bar FTP users from creating directories. In addition, FTP 7.5, which is not vulnerable to the attack, is available for download for Windows Vista and Windows Server 2008.

Meanwhile, the SANS Internet Storm Center warned Tuesday that it received reports of exploit code surfacing targeting a flaw in the Microsoft SMB. The attack does not require authentication and can enable a hacker to remotely crash the SMB.

SANS said Windows 2000 and XP are not affected by the vulnerability. Any Vista or Windows 7 machine with SMB enabled is vulnerable to the attack.

SearchSecurity radio:

"We recommend filtering access to port TCP 445 with a firewall," SANS vulnerability handler Guy Bruneau said in an advisory.

Microsoft issued its September advance notification on Thursday, notifying customers that it expected to release five critical updates Tuesday, repairing flaws in Microsoft Windows that could be remotely attacked by hackers.

The patches affect Windows 2000, XP and Vista, as well as all three of Microsoft's server platforms 2000, 2003 and 2008.

Tags: Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Microsoft patches serious Windows kernel flaws Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary