Network Security News

Microsoft security update: 'Limited' IIS server cyberattacks spotted

Friday, September 4, 2009

Microsoft has updated a security bulletin about a flaw in older versions of Internet Information Services (IIS) due to "limited" attacks on the vulnerability occurring in the wild.

Microsoft said a new proof of concept published allows for denial-of-service (DoS) attacks on Windows XP and Windows Server 2003 with read access to the File Transfer Protocol (FTP) service.

Another new POC allowing DoS was published that affects the version of FTP 6 which shipped with Windows Vista and Windows Server 2008, Microsoft's Alan Wallace reported on the Microsoft Security Response center blog.

Vulnerable code exists in IIS 5 (Windows 2000), IIS 5.1 (Windows XP) and IIS 6 (Windows Server 2003). IIS 6 running on Windows Vista and Windows Server 2008 is now vulnerable.

"Customers should be aware that the Download Center has FTP 7.5 available for Windows Vista and Windows Server 2008. FTP 7.5 is not vulnerable to any of these exploits," Wallace said.

The initial attack code was published Monday by Nikolaos Rangos, who did not notify Microsoft ahead of publishing the code, according to IDG News Service.

Microsoft said it is working to issue a security patch, which may be available by Tuesday, when the monthly security batch is released.ADNFCR-1765-ID-19347421-ADNFCR

Related News:

Zeus botnet performs MySpace spam campaign to spread itself further - 11.20.2009
A sophisticated Trojan dubbed "Zeus" has sent a flood of email messages to MySpace users in an attempt to propagate itself onto more computers, according to researchers at the University of Alabama at Birmingham.

Experts dissect Chrome OS security features - 11.20.2009
Yesterday's release of Google's groundbreaking new cloud-based operating system, Chrome OS, has caused a stir in techie circles, with experts of all stripes rushing to examine the product and issue their judgments.

Microsoft counts Chrome coup with discovery of security flaw - 11.20.2009
Security researchers at Microsoft recently discovered a security vulnerability in Google's controversial Chrome Frame for Internet Explorer, a browser plug-in that simulates Chrome functionality within an Internet Explorer session.

iPhone user sues games maker, claiming to have found hidden spyware - 11.18.2009
An iPhone gamer filed a federal lawsuit against mobile game programmer Storm8 today, alleging that the company violated his privacy by including hidden code in its games that gathered his personal information without permission.

Government watchdog warns of possible IT leaks at Los Alamos - 11.16.2009
The Government Accountability Office has issued a report on data security at the Los Alamos National Laboratory which says that sensitive and highly classified information is vulnerable to outside access.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now