IIS exploit in-the-wild

Proof-of-concept code was posted on Monday that can give an attacker full control over a server running Microsoft IIS.

This vulnerability can be serious for webmasters, but the attack can only succeed against old versions of IIS (IIS5, IIS6). The bug specifically concerns the FTP service, an IIS component used to transfer large files over the internet.

Administrators are therefore advised to disable anonymous write access to the FTP server to help mitigate the risk, although a proper impact analysis should be performed before taking defensive measures.
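For the impact analysis, it helps to know whether anyone actually relies on anonymous write access before it is switched off. The script below is an added example, not part of the original post: it reads an FTP log and lists successful write operations performed in anonymous sessions. The W3C-style log layout, the field names, the write verbs and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample; the layout is an assumed W3C-style IIS 5/6 FTP log.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
09:14:02 192.0.2.10 [1]USER anonymous 331
09:14:02 192.0.2.10 [1]PASS guest@example.test 230
09:14:05 192.0.2.10 [1]MKD /incoming/reports 257
09:14:09 192.0.2.10 [1]created /incoming/reports/q3.zip 226
09:20:11 192.0.2.44 [2]USER alice 331
09:20:11 192.0.2.44 [2]PASS - 230
09:20:15 192.0.2.44 [2]created /home/alice/a.txt 226
09:31:40 192.0.2.77 [3]USER anonymous 331
09:31:40 192.0.2.77 [3]PASS x@example.test 230
09:31:44 192.0.2.77 [3]MKD /pub/new 550
09:31:50 192.0.2.77 [3]sent /pub/readme.txt 226
"""

ANON_USERS = {"anonymous", "ftp"}
# Assumed verbs for operations that modify the server's file system.
WRITE_VERBS = {"MKD", "RMD", "DELE", "STOR", "APPE", "RNTO", "CREATED", "APPENDED"}
METHOD_RE = re.compile(r"^\[(\d+)\](\S+)$")  # "[session-id]VERB"

def anonymous_writes(log_text):
    """Return {client_ip: [(time, verb, path), ...]} for successful anonymous writes."""
    fields, anon_sessions, hits = [], set(), defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log header
            continue
        parts = line.split()
        if line.startswith("#") or len(parts) != len(fields):
            continue  # other directives, blank or malformed lines
        row = dict(zip(fields, parts))
        m = METHOD_RE.match(row.get("cs-method", ""))
        if not m:
            continue
        session, verb = (row.get("c-ip"), m.group(1)), m.group(2).upper()
        if verb == "USER":
            # A new USER command resets the identity of the session.
            if row.get("cs-uri-stem", "").lower() in ANON_USERS:
                anon_sessions.add(session)
            else:
                anon_sessions.discard(session)
        elif (verb in WRITE_VERBS and session in anon_sessions
              and row.get("sc-status", "").startswith("2")):  # 2xx = success
            hits[session[0]].append((row.get("time"), verb, row.get("cs-uri-stem")))
    return dict(hits)
```

An empty result over a representative log period suggests that disabling anonymous write will not break existing workflows; any listed client needs to be accounted for first.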
