All the latest UK technology news, reviews and analysis
|
|
|
16 May 2001
Microsoft yesterday released an advisory notice urging users of its IIS web server to download a patch for an exploit that could allow an intruder to execute arbitrary code on the server.
The software giant's announcement comes only days after a previous bulletin about another serious flaw in the same operating software. Now, both IIS 4 and 5 are vulnerable to a flaw that causes the server to run an extra security check every time a URL is requested that runs a server side script.
When the script is run, IIS performs a decoding pass and then performs security checks on the decoded request. But a second 'superfluous' decoding pass is performed after the security checks.
Microsoft said: "If an attacker submitted a specially constructed request, it could be possible for the request to pass the security checks, but then be mapped via the second decoding pass into one that should have been blocked."
"Specifically, it could enable the request to execute operating system commands or programs outside the virtual folder structure," the company added.
This is not as serious as the exploit in the IIS printing protocol discovered two weeks ago because it would only allow the attacker capabilities similar to those of a non-administrative user.
Microsoft also pointed out that "the vulnerability does not provide a way for the attacker to learn the folder structure on the server. As a result, if the operating system were installed on a separate drive from the web root, or in non-standard folders, it could prevent an attacker from locating programs of interest."
The associated patch to fix the vulnerability also plugs two other holes, one of which could allow for a denial of service attack against the FTP service by issuing a command containing a wildcard sequence. When expanded, this would overrun the allocated memory and cause an access violation.
The other is a vulnerability that could make it easier for an attacker to find Guest accounts that had been inadvertently exposed via FTP.
The advisory and relevant patch is available here.
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Credit Risk Modeller, SAS, London, £50,000 Title- Credit...
My London client is looking for an experienced Programme...
My leading client is looking for a number of excellent...
My client, a leading international name in Manufacturing...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?