News

Sadmind/IIS Worm Hitting Unpatched Systems

Attackers are exploiting old vulnerabilities in Solaris and IIS Web servers with a new malicious worm called the sadmind/IIS Worm to attack more Solaris and IIS Web servers and deface Web pages, according to an advisory issued Tuesday by CERT.

The exploit relies on administrators having failed to install a two-year-old buffer overflow vulnerability patch in Solaris and a seven-month-old vulnerability patch in IIS, according to the CERT advisory.

Compromised Solaris systems attack Microsoft IIS Web servers and also propogate the virus to other vulnerable Solaris systems.

Web page defacement appears to affect only IIS systems, which display Web pages reading: “f--- USA Government, f--- PoizonBOx.”

The IIS vulnerability allows an attacker to use a malformed URL to access various files and folders on a Web server and execute operating system commands, allowing for no end of mischief.

The original Microsoft patch can be found here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Azure Networking Enhancements Announced at Ignite

    Azure networking improvements were announced by Microsoft as part of its Ignite Conference.

  • How To Reclaim Your Privacy from Windows 10, Part 2

    These are the top four privacy settings to check in your Windows device to make sure Microsoft doesn't collect any data you don't want it to.

  • Microsoft Releases Out-of-Band Security Patches for Exchange Server

    Microsoft on Tuesday released out-of-band security patches for Exchange Server to address multiple zero-day flaws that are currently being exploited in active attacks.

  • Microsoft Mesh for Building Mixed Reality Apps Highlighted at Ignite

    The Microsoft Ignite Day 1 keynote presentations were heavy with talk about Microsoft Mesh, a new Microsoft Azure-based platform for building "cross-platform mixed reality apps" for multiple participants.

comments powered by Disqus