Skip navigation

Security Vulnerability Gives Attackers Full Control Over Any Web Server Running Microsoft Windows® NT 4.0, Windows 2000, or Windows XP with Internet Information Services (IIS)


(Aliso Viejo, CA.; Geneva Switzerland) – eEye Digital Security announces the discovery of a major security vulnerability in Microsoft’s (www.microsoft.com) IIS Web Server software. The vulnerability lies within the code that allows a Web server to interact with Microsoft Indexing Service functionality. The vulnerable Indexing Service ISAPI filter is installed by default on all versions of IIS. The problem lies in the fact that the .ida (Indexing Service) ISAPI filter does not perform proper "bounds checking" on user inputted buffers and therefore is susceptible to buffer overflow attacks.

Attackers that leverage the vulnerability can, from a remote location, gain full SYSTEM access to any server that is running a default installation of Windows NT 4.0, Windows 2000, or Windows XP and using Microsoft’s IIS Web Server software. With system-level access, an attacker can perform any desired action, including installing and running programs, manipulating Web server databases, adding, changing or deleting files and Web pages, and more.

eEye stressed the extreme seriousness of this vulnerability. Network administrators are urged to immediately install the patch released by Microsoft at www.microsoft.com/technet/security.

According to Netcraft (www.netcraft.com), there are roughly 5.9 Million Web servers running IIS. It is safe to say that because the vulnerability is within a default IIS component that, at the very least, 50% of these servers have the .ida extension running, making this one of, if not the single largest vulnerability in IIS to date.

As stated earlier, all versions of Microsoft’s IIS Web server software are vulnerable to this flaw. This includes Windows XP- Microsoft’s next-generation Operating System. Microsoft is taking the necessary steps to patch Windows XP before the final version ships to customers.

eEye alerted Microsoft’s security team immediately upon discovery of the vulnerability and has worked closely with Microsoft on the development of a patch and the expeditious alerting of administrators worldwide. An exploit program was developed by eEye that can be run against any vulnerable IIS Web server and in a matter of minutes produce a remote command prompt to which an attacker could connect and execute commands with system-level access. eEye has shared the exploit with Microsoft and decided not to release the exploit to the general public given the potential abuse by malicious individuals.

“This vulnerability is further proof of the need for network and application based security,” said Marc Maiffret, Chief Hacking Officer at eEye Digital Security. “While firewalls and Intrusion Detection Systems are necessary, they are not enough to ensure the total security of a network.”

eEye has recently released a new product, SecureIIS, that acts as an “application firewall” for IIS. SecureIIS protects servers running IIS from known and unknown hacker attacks. By working within IIS, SecureIIS monitors all incoming and outgoing traffic looking for classes of attacks and securing against them.

“Clients that had SecureIIS installed on their servers were already protected from this latest vulnerability before the advisory was released,” said Maiffret.


About eEye Digital Security
eEye Digital Security is a leading developer of high-end network security products and an active contributor to network security research and education. eEye offers a variety of network security products targeted at IT administrators and consultants alike. eEye products are focused on "proactive" security. These products work in conjunction with popular tools such as firewalls and Intrusion Detection Systems to deliver comprehensive assurance. The eEye products include Retina™, the Network Vulnerability Scanner, SecureIIS™, the IIS Application Firewall, and Iris™, the Network Traffic Analyzer.
www.eEye.com www.eEye.com/Retina www.eEye.com/SecureIIS www.eEye.com/Iris


CONTACT:
UK
Kunle Barker
Ecompany UK
02088323798
kbarker@ecompany.net

This press release was distributed by ResponseSource Press Release Wire on behalf of Ecompany UK in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.