Posted on: March 29, 2017
Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a zero-day Buffer Overflow vulnerability (CVE-2017-7269) due to an improper validation of an ‘IF’ header in a PROPFIND request.
A remote attacker could exploit this vulnerability in the IIS WebDAV component with a crafted request using the PROPFIND method. Successful exploitation could result in a denial-of-service condition or arbitrary code execution in the context of the user running the application. According to the researchers who found this flaw, this vulnerability was exploited in the wild in July or August 2016. It was disclosed to the public on March 27. Other threat actors are now in the stages of creating malicious code based on the original proof-of-concept (PoC) code.
Full Article
By Ionut Arghire on March 29, 2017
More than 8 million websites could be exposed to a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 that has been exploited in the wild since July 2016, researchers warn.
The bug was found in the ScStoragePathFromUrl function of the Web Distributed Authoring and Versioning (WebDAV) service in Windows Server 2003 R2’s IIS 6.0. The issue, tracked as CVE-2017-7269, resides in the improper validation of an ‘IF’ header in a PROPFIND request and could allow an attacker to cause denial of service or to run arbitrary code.
Full Article
30th March 2017 By Dark Reading Staff
Microsoft recommends upgrade to latest operating system for more protection.
A zero-day vulnerability in Microsoft's IIS 6.0 Web server software remains unfixed even after two Chinese researchers recently posted a proof-of-concept exploit for it, Threatpost reports. Microsoft recommends "that customers upgrade to our latest operating systems and benefit from robust, modern protection."
Full Article
March 3rd 2017 By Mahit Huilgol
The zero-day codenamed as CVE-2017-7269 has the potential to take over the Windows Servers and this is the reason why one either needs to update to IIS servers or disable the WebDAV service in case they can’t upgrade. Cyber security firm Opatch has also released a makeshift patch for the same and it can be used by the server owners to protect their systems from any attacks.
Full Article
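For servers that cannot yet be upgraded or have WebDAV disabled, a front-end filter or traffic monitor can flag the request shape the articles above describe: a PROPFIND request carrying an 'If' header. The following is an added example, not code from any of the quoted articles or from Microsoft; the length threshold, function names and sample requests are assumptions made for illustration.

```python
# Added example: flag PROPFIND requests whose If header looks abnormal.
# MAX_IF_LEN is an assumed threshold, not a value from any advisory.
MAX_IF_LEN = 256

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, headers dict)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target = parts[0].decode("ascii", "replace"), parts[1]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            continue  # ignore malformed header lines
        key = name.strip().lower().decode("ascii", "replace")
        # Repeated headers are joined so a split value is measured as a whole.
        prev = headers.get(key)
        headers[key] = value.strip() if prev is None else prev + b", " + value.strip()
    return method, target, headers

def inspect(raw: bytes):
    """Return a list of findings; an empty list means nothing to report."""
    method, _, headers = parse_request(raw)
    findings = []
    if method.upper() != "PROPFIND":
        return findings
    findings.append("PROPFIND request (WebDAV in use)")
    if_value = headers.get("if")
    if if_value is None:
        return findings
    if len(if_value) > MAX_IF_LEN:
        findings.append(f"If header is {len(if_value)} bytes (limit {MAX_IF_LEN})")
    if any(b > 0x7E or b < 0x20 for b in if_value):
        findings.append("If header contains non-printable or non-ASCII bytes")
    return findings

# Constructed sample requests (not captured traffic).
BENIGN = (b"PROPFIND /docs/ HTTP/1.1\r\nHost: files.example\r\nDepth: 1\r\n"
          b"If: (<opaquelocktoken:constructed-sample-token>)\r\n\r\n")
OVERSIZED = (b"PROPFIND / HTTP/1.1\r\nHost: files.example\r\n"
             b"If: <http://files.example/" + b"x" * 600 + b">\r\n\r\n")
GET = b"GET / HTTP/1.1\r\nHost: files.example\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("oversized", OVERSIZED), ("get", GET)):
        print(name, inspect(req))
```

On a host where WebDAV is not needed at all, the first finding alone (any PROPFIND request) is worth alerting on.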