[ISN] Program exploits Windows 2000 flaw

From: InfoSec News (isnat_private)
Date: Tue Mar 25 2003 - 00:27:55 PST

Next message: InfoSec News: "[ISN] CERT, Feds Consider New Reporting Process"

Previous message: InfoSec News: "[ISN] IT worker burnout gets critical"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://news.com.com/2100-1002-993946.html?tag=fd_top

By Robert Lemos 
Staff Writer, CNET News.com
March 24, 2003

A Venezuelan security consultant has released a small program designed
to compromise Microsoft Internet Information Service servers that
haven't had a recent security hole patched.

Monday's public release of the program's source code--known in
security parlance as an exploit--will allow less technically
knowledgeable system administrators to test for the existence of the
vulnerability or allow less skillful miscreants to attack servers.

"I released (the code) to enlighten the public and to promote system
security for administrators unfamiliar with these exploits," said
Rafael Nunez, information security consultant for Scientech de
Venezuela and a former hacker who used the handle "RaFa."

The release of the code on two security lists--BugTraq and
VulnWatch--is the latest twist in the story of the Windows 2000 flaw
that Microsoft announced a week ago.

The flaw, which Microsoft said could be exploited through the World
Wide Web Distributed Authoring and Versioning (WebDAV) component of
Internet Information Service (IIS) 5.0, allows an attacker to take
control of the server. The flaw was discovered March 12 by the U.S.  
military after a public Web server was compromised by the
vulnerability.

Microsoft declined to comment on the issue, except to say that
customers should patch their systems. Nunez also stressed that system
administrators need to patch their systems before a virus writer uses
the vulnerability as a vector for a computer worm.

"This exploit is very serious," Nunez said. "Any unpatched system can
allow a remote intruder to obtain full administrator privileges. This
exploit can be used by some malicious programmers to write worms that
can automate Web site defacements and other malevolent operations."

Nunez said that he got the code from other hackers on the Internet and
cleaned it up before sending it to the two security lists to be
published.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] CERT, Feds Consider New Reporting Process"
Previous message: InfoSec News: "[ISN] IT worker burnout gets critical"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Mar 25 2003 - 02:46:29 PST