Windows server attack code in the wild

According to the United States Computer Emergency Readiness Team (US-CERT), there is active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0.

Successful exploitation of this vulnerability may allow a remote attacker to control the at-risk system, US-CERT says.

According to the National Vulnerabilities Database, the flaw, catalogued as CVE-2017-7269, is a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in IIS 6.0. A successful attack gives users full application privileges.

As if that news isn’t bad enough, there is likely not a patch forthcoming, as Microsoft ended support for Windows Server 2003 on July 14, 2015. What does this mean for you?

“Microsoft will no longer issue security updates for any version of Windows Server 2003. If you are still running Windows Server 2003 in your datacenter, you need to take steps now to plan and execute a migration strategy to protect your infrastructure,” the company wrote on its Windows 2003 support page.

If a widely cited web server survey is to be believed, there were still 185 million sites in use in March.

This proof-of-concept exploit arrives about two weeks after Microsoft published one of the largest number of security patches ever in its Microsoft Security Bulletin Summary for March 2017. In this security bulletin, Microsoft issued fixes for security vulnerabilities that had been widely disclosed and under attack. The 17 security bulletins fixed 135 flaws. There were nine critical and important vulnerabilities.

The best course of action for those running the vulnerable Windows Server 2003 Operating System with IIS 6.0 is to switch to a newer Windows Server version currently covered by support and receiving security updates. Those who can’t — or won’t — upgrade should consider disabling the WebDAV service in the IIS 6.0.


What’s ahead for security and cloud adoption?

On spreading malware and mayhem with a USB stick

Clouds cast long security shadow over enterprise IT

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.