Sadmind/IIS Worm Hitting Unpatched Systems

Attackers are using a new malicious worm, called the sadmind/IIS Worm, to exploit old vulnerabilities in Solaris and IIS Web servers, attack more Solaris and IIS Web servers, and deface Web pages, according to an advisory issued Tuesday by CERT.

The exploit relies on administrators having failed to install a two-year-old patch for a buffer overflow vulnerability in Solaris and a seven-month-old patch for a vulnerability in IIS, according to the CERT advisory.

Compromised Solaris systems attack Microsoft IIS Web servers and also propagate the virus to other vulnerable Solaris systems.

Web page defacement appears to affect only IIS systems, which display Web pages reading: “f--- USA Government, f--- PoizonBOx.”

The IIS vulnerability allows an attacker to use a malformed URL to access various files and folders on a Web server and execute operating system commands, allowing for no end of mischief.

The original Microsoft patch can be found here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
