Security professionals are concerned that a program used by hackers to exploit a flaw in Microsoft IIS webserver has not been made public. They fear that the hackers are keeping the tool secret in a bid to launch further damaging IIS attacks.
The latest in a long line of vulnerabilities in IIS was discovered last week, when it was revealed that a remote buffer overflow in all versions of IIS Internet Services API could be exploited to give an attacker complete control of a system.
But the security community is worried that hackers may be hanging on to the tool used for exploiting this hole, rather than releasing it for analysis so that a patch can be developed.
Typically, when a hole is discovered, a tool capable of exploiting the glitch appears within 48 hours, encouraging administrators to patch their systems quickly.
But so far, no such tool has appeared to push administrators into gear, although rumour has it that hackers are in possession of such a program, potentially leaving the six million users of IIS at risk.
Security firm @stake warned that administrators are less likely to react to an advisory if there is no exploit tool available.
Hackers thrive on a lack of awareness in security and, by keeping the exploit tool underground, network administrators could be lulled into a false sense of security.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago