UPDATED 00:19 EST / MARCH 30 2017

8 million sites still running Microsoft IIS 6.0 are vulnerable to zero-day exploit

A recently detailed zero-day exploit that takes advantage of a vulnerability in Microsoft’s Internet Information Services 6.0 has been used to attack sites since last July, according to newly published reports.

The zero-day, so named because it hadn’t been identified before, was discovered by two Chinese researchers from the School of Computer Science & Engineering, Information Security Lab at the South China University of Technology, who have published details of the exploit on GitHub.

Trend Micro broke the information down in detail for those who need to know: the zero-day buffer overflow vulnerability (CVE-2017-7269) is caused by improper validation of an ‘If’ header in a PROPFIND request in IIS 6.0, allowing a remote attacker to exploit the IIS WebDAV component with a crafted request using the PROPFIND method.

A successful exploit could result in remote code execution, while unsuccessful attempts could lead to denial of service.

According to Microsoft, the WebDAV PROPFIND method “retrieves properties for a resource identified by the request Uniform Resource Identifier (URI). The PROPFIND Method can be used on collection and property resources.”

IIS 6.0 was included with Windows Server 2003, which is no longer supported by Microsoft. Support ended on 14 July 2015, meaning that the vulnerability is highly unlikely to be patched.

While the software is old, according to stats from W3Techs, Microsoft’s IIS is still the third most popular web server technology out there, powering 11.4 percent of all websites. Although newer versions are more popular, IIS 6.0 accounts for 11.3 percent of IIS-powered websites, meaning that 1.3 percent of all websites online are using it, or approximately 8 million sites.

The simple solution is for users of web servers running IIS 6.0 to upgrade to a newer IIS version or switch to more secure Linux-based software. For those who can’t, Trend Micro recommends disabling the WebDAV service on any server running IIS 6.0 to mitigate the risk.
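
As an added example (not from the original article, Trend Micro or Microsoft): before disabling WebDAV, an administrator can review the server's own IIS logs for PROPFIND requests to see which clients rely on WebDAV and which are reaching it unexpectedly. The log lines below are constructed, and the sketch assumes W3C extended logging with the cs-method, c-ip and sc-status fields enabled.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2017-03-28 09:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2017-03-28 09:00:01 192.0.2.10 GET /default.htm - 80 - 198.51.100.7 Mozilla/5.0 200 0 0
2017-03-28 09:00:05 192.0.2.10 PROPFIND / - 80 - 203.0.113.44 - 207 0 0
2017-03-28 09:00:06 192.0.2.10 PROPFIND / - 80 - 203.0.113.44 - 500 0 0
2017-03-28 09:01:12 192.0.2.10 OPTIONS / - 80 - 203.0.113.44 - 200 0 0
2017-03-28 09:02:30 192.0.2.10 PROPFIND /docs/ - 80 editor 198.51.100.23 Microsoft-WebDAV-MiniRedir/6.1.7601 207 0 0
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # The column layout can change mid-file, so re-read it each time.
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def propfind_summary(text):
    """Count PROPFIND requests per client IP and collect their status codes."""
    hits, statuses = Counter(), {}
    for row in parse_w3c(text):
        if row.get("cs-method", "").upper() == "PROPFIND":
            ip = row.get("c-ip", "?")
            hits[ip] += 1
            statuses.setdefault(ip, []).append(row.get("sc-status", "?"))
    return hits, statuses


if __name__ == "__main__":
    hits, statuses = propfind_summary(SAMPLE_LOG)
    for ip, n in hits.most_common():
        print(f"{ip}: {n} PROPFIND request(s), statuses {statuses[ip]}")
```

A PROPFIND entry only shows that the WebDAV method was requested; it does not by itself distinguish a legitimate WebDAV client from a malicious one.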
