IIS 6 WebDAV vulnerability used in attacks

Source: Internet
Author: User
Tags microsoft patch

The US Computer Emergency Response Team recently revealed that the IIS 6 WebDAV vulnerability found last week has been used in attacks. The vulnerability, discovered by computer security expert Nikolaos Rangos, can be exploited through a forged HTTP request to view and upload files on an IIS 6 server. The attack exploits a vulnerability in Microsoft's Unicode token processing.


 

Microsoft said in a statement that it has not heard of such attacks, but it is watching for them and will provide security consultants to help users. The vulnerability affects only systems that have the WebDAV protocol enabled in IIS 6. WebDAV is used to share documents on the web.

 

Attackers can view files on the server without authorization and upload files to it. Independent security expert Thierry Zoller confirmed Rangos's findings, but Zoller said he had not found any malicious code running on the attacked server. Zoller also indicated that IIS 5 and IIS 7 are not currently affected, but other Microsoft products that use WebDAV technology may also face risks. He recommends disabling the WebDAV protocol until you receive the Microsoft patch.

 

Rangos said in an interview that Exchange Server and SharePoint Server, which use WebDAV technology, are not under threat.

 

Cisco issued the same warning in a security notice posted on its official website, saying that the IIS 6 WebDAV technology was being used in attacks. In addition, website administrators with sensitive files should take measures, because attack code has been published to the public.

 

It is very easy to disable WebDAV in IIS 6. You only need to find the Application Server section in the Add/Remove Windows Components dialog of Windows 2003, enter the IIS component options, clear the WebDAV check box, and then restart IIS.
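After WebDAV has been disabled and IIS restarted, the change can be checked from another machine by looking at what the server advertises in reply to an HTTP OPTIONS request. The following is an added example, not part of the original article; the function names and the two sample responses are constructed for illustration, and the header names checked (`DAV`, `MS-Author-Via`, `Allow`, `Public`) are the ones a WebDAV-enabled server commonly returns.

```python
"""Check an HTTP OPTIONS response for signs that WebDAV is still enabled."""
import http.client

# Methods defined by WebDAV (RFC 4918); a plain HTTP server does not list them.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Constructed sample responses (illustrative, not captured from a real server).
ENABLED = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nMS-Author-Via: DAV\r\n"
           "DAV: 1, 2\r\nPublic: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, "
           "MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH\r\n"
           "Allow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK\r\n\r\n")
DISABLED = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
            "Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
            "Allow: OPTIONS, TRACE, GET, HEAD\r\n\r\n")


def parse_headers(raw):
    """Return {lower-case header name: value} from a raw HTTP response."""
    headers = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:  # skip status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def webdav_indicators(raw):
    """List the reasons a raw OPTIONS response suggests WebDAV is enabled."""
    headers = parse_headers(raw)
    reasons = []
    if headers.get("dav"):
        reasons.append("DAV header: " + headers["dav"])
    if "dav" in headers.get("ms-author-via", "").lower():
        reasons.append("MS-Author-Via advertises DAV")
    for name in ("allow", "public"):
        listed = {m.strip().upper() for m in headers.get(name, "").split(",")}
        found = sorted(listed & WEBDAV_METHODS)
        if found:
            reasons.append(name.capitalize() + " lists WebDAV methods: " + ", ".join(found))
    return reasons


def fetch_options(host, port=80):
    """Send OPTIONS / to a server you administer and rebuild the raw header text."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    conn.request("OPTIONS", "/")
    resp = conn.getresponse()
    lines = ["HTTP/1.1 %d %s" % (resp.status, resp.reason)]
    lines += ["%s: %s" % (k, v) for k, v in resp.getheaders()]
    conn.close()
    return "\r\n".join(lines) + "\r\n\r\n"
```

An empty list from `webdav_indicators(fetch_options(host))` is a quick external check only; the WebDAV setting on the server itself remains the authoritative answer.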

 

This message source: http://www.techworld.com/security/news/index.cfm?Newsid=116029
Source: comsharp CMS official website
