IIS WebDav Denial of Service attacks - Update to SPI Dynamics

From: Mark Litchfield (markat_private)
Date: Mon Jun 02 2003 - 14:20:15 PDT


    In SPI Dynamics' own advisory it mentions that IIS will restart itself -
    whilst this is true, by supplying a specific number of bytes, we can
    terminate all the threads, but leaving INETINFO still alive.  Despite
    INETINFO not dying, the process will no longer serve any requests.
    
    This provides a more effective denial of service attack as the administrator
    would be required to restart the service manually.
    
    Again, if you have not yet patched your servers, the patch can be obtained
    at
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-018.asp
    
    Regards
    
    Mark Litchfield
    NGS Software Ltd
    http://www.ngssoftware.com/
    Tel: +44 208 40 100 70 (London)
    Tel: +44 1241 431 267
    Mobile: +44 790 069 5236
    Email: markat_private
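
The state described in the message above (the process still alive but no requests served) is invisible to monitoring that only checks whether the process or service is running. The following is an added example, not part of the original post or of any vendor tooling: a health check that probes the HTTP port and combines the result with process liveness. The function names and the `process_alive` input (assumed to come from whatever service or process query the monitor already performs) are hypothetical.

```python
import socket

def probe_http(host, port, timeout=3.0):
    """Send one HEAD request; return 'serving', 'no_response' or 'refused'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            data = s.recv(64)
    except socket.timeout:
        # Connection attempt or read timed out: nothing answered in time.
        return "no_response"
    except OSError:
        # Nothing listening, connection reset, or host unreachable.
        return "refused"
    # Any HTTP status line, even an error status, means requests are handled.
    return "serving" if data.startswith(b"HTTP/") else "no_response"

def classify(process_alive, probe):
    """Combine process liveness (supplied by the caller) with the probe result.

    'hung' is the case from the post: the process exists, so a liveness-only
    monitor reports success, yet no request is answered and a manual service
    restart is needed.
    """
    if probe == "serving":
        return "healthy"
    if process_alive:
        return "hung"
    return "stopped"

if __name__ == "__main__":
    # Constructed stand-in for a hung server: a local listener that lets the
    # TCP connection complete but never sends a response.
    silent = socket.socket()
    silent.bind(("127.0.0.1", 0))
    silent.listen(1)
    port = silent.getsockname()[1]
    result = probe_http("127.0.0.1", port, timeout=1.0)
    print(port, result, classify(True, result))
    silent.close()
```

Alerting on `hung` separately from `stopped` distinguishes a server that needs the manual restart described in the post from one that went down and may come back on its own.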
    


