Hackers already exploiting IIS flaws

By Phil Muncaster on Sep 7, 2009 8:09AM
Hackers already exploiting IIS flaws

Microsoft has revealed that hackers are already exploiting newly disclosed vulnerabilities in its Internet Information Services (IIS) web server software.

Exploit code for the first flaw was posted on Monday, which would allow hackers to remotely take control of an IIS 5.0 server. New code was then posted on Thursday which takes advantage of vulnerabilities in IIS 5.0, IIS 5.1, IIS 6.0 and IIS 7.0 to allow hackers to launch denial of service attacks against these systems, as long as they are running the FTP Service, said Microsoft.

Redmond was forced to update its security advisory warning that it is now seeing “limited attacks that use this exploit code”.

“Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary,” the advisory continued.

Although Microsoft is due to release its September security updates on patch Tuesday next week, it is widely believed that the new vulnerabilities were disclosed to recently for the Redmond security team to be able to deliver a working fix in time.

In a blog posting, Microsoft blamed the current, albeit limited, attacks on the fact that the original vulnerabilities were published on the internet before the firm had a chance to work on a fix.

“We continue to encourage responsible disclosure of vulnerabilities,” the post continued.

“ We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
attacks hackers iis microsoft security software technology vulnerabilities

Partner Content

Shared Intelligence is the Real Competitive Edge Partners Enjoy with Crayon
Shared Intelligence is the Real Competitive Edge Partners Enjoy with Crayon
Beyond the box: How Crayon Is Redefining Distribution for the Next Era
Beyond the box: How Crayon Is Redefining Distribution for the Next Era
New Microsoft CSP rules? Here’s how MSPs can stay ahead with Ingram Micro
New Microsoft CSP rules? Here’s how MSPs can stay ahead with Ingram Micro
Guiding customers on the uneven path to AI adoption
Guiding customers on the uneven path to AI adoption
How mandatory climate reporting is raising the bar for corporate leadership
How mandatory climate reporting is raising the bar for corporate leadership

Sponsored Whitepapers

Cut through the SASE confusion
Cut through the SASE confusion
Stay protected as cyber threats evolve
Stay protected as cyber threats evolve
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
The race to AI advantage is on. Don’t let slow consulting projects hold you back.
The race to AI advantage is on. Don’t let slow consulting projects hold you back.
The changing face of Australian distribution
The changing face of Australian distribution

Most read articles

Save-the-dates for Pipeline 2026: We're levelling up to Hamilton Island in May!

Save-the-dates for Pipeline 2026: We're levelling up to Hamilton Island in May!
The State of Channel Security

The State of Channel Security
Channel faces AI-fuelled risk as partners lag on data resilience, Dicker Data summit told

Channel faces AI-fuelled risk as partners lag on data resilience, Dicker Data summit told
Fast50 rankings revealed at gala awards in Sydney

Fast50 rankings revealed at gala awards in Sydney

Log in

Email:
Password:
  |  Forgot your password?