ZDNet UK



Microsoft server exploit goes public

Published: 25 Mar 2003 08:49 GMT


A Venezuelan security consultant has released a small program designed to compromise Microsoft Internet Information Service servers that haven't had a recent security hole patched.

Monday's public release of the program's source code -- known in security parlance as an exploit -- will allow less technically knowledgeable system administrators to test for the existence of the vulnerability or allow less skillful miscreants to attack servers.

"I released (the code) to enlighten the public and to promote system security for administrators unfamiliar with these exploits," said Rafael Nunez, information security consultant for Scientech de Venezuela and a former hacker who used the handle "RaFa". The release of the code on two security lists -- BugTraq and VulnWatch -- is the latest twist in the story of the Windows 2000 flaw that Microsoft announced a week ago.

The flaw, which Microsoft said could be exploited through the World Wide Web Distributed Authoring and Versioning (WebDAV) component of Internet Information Service (IIS) 5.0, allows an attacker to take control of the server. The flaw was discovered on 12 March by the US military after a public Web server was compromised by the vulnerability.

Microsoft declined to comment on the issue, except to say that customers should patch their systems. Nunez also stressed that system administrators need to patch their systems before a virus writer uses the vulnerability as a vector for a computer worm.

"This exploit is very serious," Nunez said. "Any unpatched system can allow a remote intruder to obtain full administrator privileges. This exploit can be used by some malicious programmers to write worms that can automate Web site defacements and other malevolent operations."

Nunez said that he got the code from other hackers on the Internet and cleaned it up before sending it to the two security lists to be published.

