Server Security: IIS 6 is gradually favored by attackers

Source: Internet
Author: User

Security researcher Nikolaos Rangos recently released detailed information about a vulnerability in Microsoft IIS 6. By sending specially crafted HTTP requests to the server, an attacker can view and upload files on the server. The attack exploits the way Microsoft's software handles Unicode tokens.

The United States Computer Emergency Readiness Team (US-CERT) said the vulnerability was being exploited in online attacks.

Microsoft said in a statement that it had not heard of any such attacks, but that it was investigating the information published by Rangos.

The vulnerability affects servers on which the WebDAV (Web-based Distributed Authoring and Versioning) protocol is enabled. WebDAV lets users share files over the web.

With WebDAV enabled, attackers can take advantage of the vulnerability to view protected files on the server without authorization and to upload files. Thierry Zoller, an independent security researcher, confirmed Rangos's conclusion. However, Zoller says he has not seen any sign of the vulnerability being used to run unauthorized software on an IIS server.

Zoller said that IIS 5 and IIS 7 do not seem to be vulnerable to such attacks, but that the issue will affect other Microsoft products that use WebDAV technology. He said he would temporarily disable WebDAV and wait for Microsoft's security patch.

In an email interview, Rangos said that Exchange Server and SharePoint Server running on IIS 6 are not affected by this vulnerability, even if WebDAV is enabled.

Cisco also issued a similar warning on its official website: "effective mitigation measures should be imposed on websites with sensitive information on IIS servers (using WebDAV), because the attack code has been published."
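Before disabling WebDAV as a mitigation, it helps to know whether anything on the server relies on it and whether any WebDAV request has succeeded without a logged-in user. The following Python script is an added example, not part of the original article: it parses an IIS W3C extended log, counts WebDAV-type requests, and lists the ones that succeeded with no authenticated user. The sample log lines, the chosen field set and the function names are assumptions constructed for illustration.

```python
from collections import Counter

# WebDAV methods (RFC 4918) plus the HTTP write methods WebDAV clients rely on.
DAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK",
               "UNLOCK", "PUT", "DELETE"}

# Constructed sample in IIS 6 W3C extended format; IPs are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2009-05-18 10:00:01 GET /index.htm - 198.51.100.7 200
2009-05-18 10:00:05 PROPFIND /docs/ CORP\\alice 198.51.100.23 207
2009-05-18 10:00:09 PUT /docs/report.txt CORP\\alice 198.51.100.23 201
2009-05-18 10:00:12 PROPFIND /private/ - 198.51.100.99 401
2009-05-18 10:00:15 PUT /private/new.txt - 198.51.100.99 201
"""

def parse_w3c(text):
    """Yield a dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))

def audit(text):
    """Return (count per WebDAV method, successful requests with no logged user)."""
    per_method, anonymous_ok = Counter(), []
    for rec in parse_w3c(text):
        method = rec.get("cs-method", "").upper()
        if method not in DAV_METHODS:
            continue
        per_method[method] += 1
        # IIS logs "-" in cs-username when the request was not authenticated.
        if rec.get("cs-username", "-") == "-" and rec.get("sc-status", "").startswith("2"):
            anonymous_ok.append((rec.get("c-ip"), method, rec.get("cs-uri-stem")))
    return per_method, anonymous_ok

if __name__ == "__main__":
    counts, review = audit(SAMPLE_LOG)
    print("WebDAV requests by method:", dict(counts))
    for ip, method, uri in review:
        print(f"review: unauthenticated {method} {uri} from {ip} succeeded")
```

An empty method count means nothing in the log used WebDAV, so disabling it should not break existing clients; entries in the review list deserve a closer look wherever the path is supposed to require authentication.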

Server security issues have always been a headache. I hope you can learn more about these problems for future use.
