Program may exploit Microsoft server hole

[InfoSec News <isn () c4i org>]

http://news.cnet.com/news/0-1003-200-6466569.html?tag=mn_hd

By CNET News.com Staff 
July 5, 2001, 11:20 a.m. PT 

A Japanese hacker has surreptitiously posted a program that could
exploit a recently discovered hole in Microsoft Web server software,
giving remote attackers complete control of vulnerable servers.

The hacking script--which went unnoticed for some time--was posted
last week on the GeoCities home page of a Japanese hacker who uses the
nickname "HighSpeed Junkie." The code, programmed on June 21, could
potentially exploit a flaw in Microsoft's Internet Information Server
(IIS). As first reported by CNET News.com, an IIS component doesn't
check for buffer overruns, a common software problem, potentially
enabling a hacker to gain full, system-level control of a server.

"It is a very serious vulnerability--it's important to install the
relevant patches as there are scumbags out there who will write
programs to exploit these vulnerabilities," said Graham Cluley, senior
technical consultant at antivirus software maker Sophos.

An anonymous third party also posted a link to the exploit code on the
Windows security mailing list Win2KSecAdvice last Wednesday. It
claimed that the source program is already listed in the file archives
of at least one underground hacking site.

The author insists that the existence of this code proves that efforts
by software makers and governments to prevent the release of such
programs are futile. "All those opposed to full disclosure, be
damned," he argues.

Microsoft alerted the 6 million IIS users to the problem on June 18,
urging them to install a new patch. The report warned the
vulnerability "would give the attacker the ability to take any desired
action on the server, including changing Web pages, reformatting the
hard drive or adding new users to the local administrators group."

Hackers had been cautious in exploiting the hole, initially keeping
malicious code to themselves.

Cluley argues that companies only have themselves to blame for not
installing patches as soon as they are released. "There is a
lackadaisical attitude amongst companies towards patches," he said.
"It is easy to sign up to the alerts about them, so everyone should
have applied the patches to this vulnerability by now."

Microsoft was not immediately available for comment.




ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.