Windows server attack code in the wild

According to the United States Computer Emergency Readiness Team (US-CERT), there is active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0.

Successful exploitation of this vulnerability may allow a remote attacker to control the at-risk system, US-CERT says.

According to the National Vulnerabilities Database, the flaw, catalogued as CVE-2017-7269, is a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in IIS 6.0. A successful attack gives users full application privileges.

As if that news isn’t bad enough, there is likely not a patch forthcoming, as Microsoft ended support for Windows Server 2003 on July 14, 2015. What does this mean for you?

“Microsoft will no longer issue security updates for any version of Windows Server 2003. If you are still running Windows Server 2003 in your datacenter, you need to take steps now to plan and execute a migration strategy to protect your infrastructure,” the company wrote on its Windows 2003 support page.

If a widely cited web server survey is to be believed, there were still 185 million sites in use in March.

This proof-of-concept exploit arrives about two weeks after Microsoft published one of the largest number of security patches ever in its Microsoft Security Bulletin Summary for March 2017. In this security bulletin, Microsoft issued fixes for security vulnerabilities that had been widely disclosed and under attack. The 17 security bulletins fixed 135 flaws. There were nine critical and important vulnerabilities.

The best course of action for those running the vulnerable Windows Server 2003 Operating System with IIS 6.0 is to switch to a newer Windows Server version currently covered by support and receiving security updates. Those who can’t — or won’t — upgrade should consider disabling the WebDAV service in the IIS 6.0.


What’s ahead for security and cloud adoption?

On spreading malware and mayhem with a USB stick

Clouds cast long security shadow over enterprise IT

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: