News

Sadmind/IIS Worm Hitting Unpatched Systems

Attackers are exploiting old vulnerabilities in Solaris and IIS Web servers with a new malicious worm called the sadmind/IIS Worm to attack more Solaris and IIS Web servers and deface Web pages, according to an advisory issued Tuesday by CERT.

The exploit relies on administrators having failed to install a two-year-old buffer overflow vulnerability patch in Solaris and a seven-month-old vulnerability patch in IIS, according to the CERT advisory.

Compromised Solaris systems attack Microsoft IIS Web servers and also propogate the virus to other vulnerable Solaris systems.

Web page defacement appears to affect only IIS systems, which display Web pages reading: “f--- USA Government, f--- PoizonBOx.”

The IIS vulnerability allows an attacker to use a malformed URL to access various files and folders on a Web server and execute operating system commands, allowing for no end of mischief.

The original Microsoft patch can be found here.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Skype Room Systems Rebranded as 'Microsoft Teams Rooms'

    Microsoft on Wednesday announced the rebranding of its Skype Room Systems product line of partner-built videoconferencing and meeting room devices, which are now called "Microsoft Teams Rooms."

  • Intel's 'Cascade Lake' Datacenter Chips Tackle AI Inference

    Amid all the flash of this month's Consumer Electronics Show (CES), there was an unlikely datacenter announcement: Intel is now shipping its new Xeon Scalable CPU.

  • Azure DevOps Server 2019 Now at Release Candidate 2

    Microsoft released Azure DevOps Server 2019 Release Candidate 2 (RC2), according to a Tuesday announcement.

  • Cloud IT Infrastructure Spending Starting To Take the Lead

    IDC this month published findings on revenues from cloud IT infrastructure spending in the third quarter of 2018, based on server, storage and Ethernet switch sales.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.