Remote Root Exploit Against IIS Servers

On April 21 a member of the Full Disclosure mailing list posted a message that revealed the existence of a new tool that can be used to exploit IIS servers. By targeting unpatched IIS servers using the SSL protocol an attacker can cause the server to open a port that allows remote access to the system.

The vulnerability, which is discussed in the Common Vulnerabilities and Exposures (CVE) database (CAN-2003-0719) pertains to the Private Communications Transport (PCT) protocol. There are buffer overrun conditions in Microsoft's SSL implementation that could be used to execute arbitrary code.

Microsoft issued a patch for the problem,
MS04-011, which users are strongly urged to apply as soon as possible to avoid intrusion. If your system has already been compromised then strongly consider a need to rebuild the entire server.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.