8 million sites still running Microsoft IIS 6.0 are vulnerable to zero-day exploit
A recently detailed zero-day exploit that takes advantage of a vulnerability in Microsoft’s Internet Information Services 6.0 has been used to attack sites since last July, according to newly published reports.
The zero-day, so named because it hadn’t been identified before, was discovered by two Chinese researchers from the School of Computer Science & Engineering, Information Security Lab at the South China University of Technology, who have published details of the exploit on GitHub.
Trend Micro broke the information down in detail for those who need to know: The zero-day Buffer Overflow vulnerability (CVE-2017-7269) is caused due to an improper validation of an ‘IF’ header in a PROPFIND request in IIS 6.0, allowing a remote attacker to exploit this vulnerability within the IIS WebDAV Component with a crafted request using the PROPFIND method.
A successful exploit could result in remote code execution, while unsuccessful attempts could potentially lead to denial of service.
According to Microsoft, a WebDAV PROPFIND Method “retrieves properties for a resource identified by the request Uniform Resource Identifier (URI). The PROPFIND Method can be used on collection and property resources.”
IIS 6.0 was included with Windows Server 2003, which Microsoft no longer supports. Support ended on 14 July 2015, meaning that the vulnerability is highly unlikely to be patched.
While the software is old, according to stats from W3Techs, Microsoft’s IIS is still the third most popular web server technology out there, powering 11.4 percent of all websites. Newer versions are more popular, but IIS 6.0 still accounts for 11.3 percent of IIS-powered websites, meaning that 1.3 percent of all websites online are using it, or approximately 8 million sites.
The simple solution is for operators of web servers running IIS 6.0 to upgrade to a newer IIS version or switch to more secure Linux-based software. For those who can’t, Trend Micro recommends that the WebDAV service on any server running IIS 6.0 be disabled to mitigate the risk.
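For defenders who have to keep such a server online for now, the Python below is an added example (not from the article, Trend Micro or the researchers) that triages captured HTTP requests for the pattern described above: a PROPFIND request carrying an 'If' header. The 256-character ceiling, the function names and the sample requests are assumptions constructed for illustration.

```python
MAX_IF_LEN = 256  # assumed ceiling; tune to the lock-token lengths your clients send


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, {header-name: [values]})."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, _, header_block = head.partition("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers, last = {}, None
    for line in header_block.split("\r\n"):
        if line[:1] in (" ", "\t") and last:  # folded continuation line
            headers[last][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip().lower()  # header names are case-insensitive
            headers.setdefault(last, []).append(value.strip())
    return parts[0].upper(), headers


def triage(raw, webdav_expected=False):
    """Return 'block', 'review' or 'allow' for one captured request."""
    try:
        method, headers = parse_request(raw)
    except ValueError:
        return "review"
    if method != "PROPFIND":
        return "allow"
    if any(len(v) > MAX_IF_LEN for v in headers.get("if", [])):
        return "block"  # oversized If header on a PROPFIND request
    # With WebDAV disabled as recommended, any PROPFIND is unexpected traffic.
    return "allow" if webdav_expected else "review"


# Constructed sample requests (not real traffic).
SAMPLES = {
    "browse": "GET /index.htm HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    "dav_lock": ("PROPFIND /docs/ HTTP/1.1\r\nHost: www.example.test\r\nDepth: 1\r\n"
                 "If: (<opaquelocktoken:11111111-2222-3333-4444-555555555555>)\r\n\r\n"),
    "oversized": ("PROPFIND / HTTP/1.1\r\nHost: www.example.test\r\n"
                  "If: (<urn:uuid:" + "a" * 2000 + ">)\r\n\r\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The same two conditions (method is PROPFIND, 'If' header longer than the ceiling) can be expressed as a rule on a reverse proxy or web application firewall placed in front of the IIS 6.0 host.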