[ISN] Program may exploit Microsoft server hole

From: InfoSec News (isnat_private)
Date: Fri Jul 06 2001 - 00:42:59 PDT

  • Next message: William Knowles: "[ISN] Max Vision begins 18-month term"

    By CNET News.com Staff 
    July 5, 2001, 11:20 a.m. PT 
    A Japanese hacker has surreptitiously posted a program that could
    exploit a recently discovered hole in Microsoft Web server software,
    giving remote attackers complete control of vulnerable servers.
    The hacking script--which went unnoticed for some time--was posted
    last week on the GeoCities home page of a Japanese hacker who uses the
    nickname "HighSpeed Junkie." The code, programmed on June 21, could
    potentially exploit a flaw in Microsoft's Internet Information Server
    (IIS). As first reported by CNET News.com, an IIS component doesn't
    check for buffer overruns, a common software problem, potentially
    enabling a hacker to gain full, system-level control of a server.
    "It is a very serious vulnerability--it's important to install the
    relevant patches as there are scumbags out there who will write
    programs to exploit these vulnerabilities," said Graham Cluley, senior
    technical consultant at antivirus software maker Sophos.
    An anonymous third party also posted a link to the exploit code on the
    Windows security mailing list Win2KSecAdvice last Wednesday. It
    claimed that the source program is already listed in the file archives
    of at least one underground hacking site.
    The author insists that the existence of this code proves that efforts
    by software makers and governments to prevent the release of such
    programs are futile. "All those opposed to full disclosure, be
    damned," he argues.
    Microsoft alerted the 6 million IIS users to the problem on June 18,
    urging them to install a new patch. The report warned the
    vulnerability "would give the attacker the ability to take any desired
    action on the server, including changing Web pages, reformatting the
    hard drive or adding new users to the local administrators group."
    Hackers had been cautious in exploiting the hole, initially keeping
    malicious code to themselves.
    Cluley argues that companies only have themselves to blame for not
    installing patches as soon as they are released. "There is a
    lackadaisical attitude amongst companies towards patches," he said.
    "It is easy to sign up to the alerts about them, so everyone should
    have applied the patches to this vulnerability by now."
    Microsoft was not immediately available for comment.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 01:49:12 PDT