UPDATED 00:19 EST / MARCH 30 2017


8 million sites still running Microsoft IIS 6.0 are vulnerable to zero-day exploit

A recently detailed zero-day exploit that takes advantage of a vulnerability in Microsoft’s Internet Information Services 6.0 has been used to attack sites since last July, according to newly published reports.

The zero-day, so named because it hadn’t been identified before, was discovered by two Chinese researchers from the School of Computer Science & Engineering, Information Security Lab at the South China University of Technology, who have published details of the exploit on GitHub.

Trend Micro broke the information down in detail for those who need to know: the zero-day buffer overflow vulnerability (CVE-2017-7269) is caused by improper validation of an ‘IF’ header in a PROPFIND request in IIS 6.0, which allows a remote attacker to exploit the IIS WebDAV component with a crafted request using the PROPFIND method.

Successful exploitation could result in remote code execution, while unsuccessful attempts could lead to denial of service.

According to Microsoft, a WebDAV PROPFIND method “retrieves properties for a resource identified by the request Uniform Resource Identifier (URI). The PROPFIND Method can be used on collection and property resources.”

IIS 6.0 was included with Windows Server 2003, which is no longer supported by Microsoft. Support ended on 14 July 2015, meaning that the vulnerability is highly unlikely to be patched.

While the software is old, according to stats from W3Techs, Microsoft’s IIS is still the third most popular web server technology out there, powering 11.4 percent of all websites. Newer versions are more popular, but IIS 6.0 still accounts for 11.3 percent of IIS-powered websites, meaning that 1.3 percent of all websites online are using it, or approximately 8 million sites.

The simple solution to the problem is for users of web servers running IIS 6.0 to upgrade to a newer IIS version or switch to more secure Linux-based software. For those who can’t, Trend Micro recommends that the WebDAV service on any server running IIS 6.0 be disabled to mitigate the risk.
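For administrators who want to know whether an IIS 6.0 server is receiving PROPFIND requests at all, the following is an added example (not from the article, Trend Micro or Microsoft) that triages a W3C extended format log. It assumes the `c-ip`, `cs-method`, `cs-uri-stem` and `sc-status` fields are being logged; the sample log lines and addresses are constructed.

```python
from collections import defaultdict

# Constructed sample in W3C extended log format; IPs are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2017-03-29 10:00:01 198.51.100.7 GET /default.htm 200
2017-03-29 10:00:05 203.0.113.9 PROPFIND / 500
2017-03-29 10:00:06 203.0.113.9 PROPFIND / 500
2017-03-29 10:01:10 198.51.100.7 POST /form.asp 200
#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken
2017-03-29 10:02:00 192.0.2.44 PROPFIND /docs/ 207 15
2017-03-29 10:02:01 192.0.2.44 PROPFIND
"""


def propfind_requests(lines):
    """Yield one dict per PROPFIND request, keyed by the active #Fields names."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if line.lower().startswith("#fields:"):
            # The column layout can change mid-file, so re-read it every time.
            fields = line.split(":", 1)[1].split()
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        if row.get("cs-method") == "PROPFIND":
            yield row


def summarize(lines):
    """Group PROPFIND requests by client IP with counts, statuses and paths."""
    summary = defaultdict(lambda: {"count": 0, "statuses": set(), "paths": set()})
    for row in propfind_requests(lines):
        entry = summary[row.get("c-ip", "unknown")]
        entry["count"] += 1
        entry["statuses"].add(row.get("sc-status", "?"))
        entry["paths"].add(row.get("cs-uri-stem", "?"))
    return dict(summary)


if __name__ == "__main__":
    for ip, info in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(ip, info["count"], sorted(info["statuses"]), sorted(info["paths"]))
```

On a server where WebDAV is not used for legitimate purposes, any client that shows up in this summary is worth reviewing, and the same run after WebDAV is disabled shows which clients are still sending PROPFIND requests.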
