
SANS ISC: Microsoft Security Advisory 975191 Revised - Internet Security | DShield SANS ISC InfoSec Forums


Microsoft Security Advisory 975191 Revised

We wrote about the new IIS FTP service vulnerabilities when the exploit code became public in diary 7039 and when Microsoft published their advisory some time afterwards in diary 7063. Not surprisingly, Microsoft have revised their security advisory, letting us know that there have been reports of incidents where this exploit was used to compromise systems. This might seem counterintuitive, as the exploit code was public prior to the advisory coming out. It is more likely that there were few reports; however, the exploit was being actively used. There are not all that many IIS servers running FTP on the Internet; in fact, there are fewer public FTP servers than in the past. Where this exploit may have been used is in attacking internal FTP servers.

Microsoft have also reminded admins that version 7.5 of their FTP service is available for download (although only for Windows Server 2008), and is not vulnerable to these attacks. Hopefully a patch will be out shortly.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

 

I would like to suggest a good workaround to avoid multiple bruteforce attacks on IIS.

Just download http://winfail2ban.sourceforge.net/, a FREE port of Linux Fail2Ban that blocks IP addresses that attempt to brute force your FTP
Anonymous
