A Denial of Service (DoS) exploit against IIS 5.1 was brought to our attention. Source code of the exploit is being distributed from multiple sites. The claimed effect of the exploit is to stop the inetinfo.exe process.
We have warned Microsoft and are awaiting a reaction from them.
Confirmation the code works and/or snort IDS signatures will cause updates to this story as we get them.
The smartest mitigation strategy at this point is to plan an upgrade to the most recent version of IIS.
Dec 19th 2005
1 decade ago