We wrote about the new IIS FTP service vulnerabilities when the exploit code became public in diary 7039, and again when Microsoft published their advisory some time afterwards in diary 7063. Not surprisingly, Microsoft have revised their security advisory to let us know that there have been reports of incidents where this exploit was used to compromise systems.

This might seem counterintuitive, as the exploit code was public prior to the advisory coming out. It is more likely that there were few reports; however, the exploit was being actively used. There are not all that many IIS servers running FTP on the Internet; in fact there are fewer public FTP servers than in the past. Where this exploit may have been used is in attacking internal FTP servers.

Microsoft have also reminded admins that version 7.5 of their FTP service is available for download (although only for Windows Server 2008) and is not vulnerable to these attacks. Hopefully a patch will be out shortly.

Cheers,
Adrien de Beaupre, ISC Handler | Feb 8th 2011
I would like to suggest a good workaround to avoid multiple brute-force attacks on IIS.
Just download http://winfail2ban.sourceforge.net/, a FREE port of Linux Fail2Ban that blocks IP addresses that attempt to brute-force your FTP.
Anonymous | Sep 8th 2009
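The blocking approach recommended in the comment above (a Fail2Ban-style threshold on failed logins per source address) can be checked directly against the IIS FTP service's own logs. The following is an added example, not code from the diary or from winfail2ban; it assumes the W3C log format with a `#Fields:` header and that a failed login is recorded as a `PASS` command with FTP status 530, and the log lines themselves are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of an IIS FTP W3C log. Assumption: a failed login shows
# up as a PASS command with sc-status 530 (the FTP "not logged in" reply).
# The #Fields header drives the parser, so the column order is not hard-coded.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status
2009-09-08 10:00:01 203.0.113.5 admin 192.0.2.10 21 USER admin 331
2009-09-08 10:00:02 203.0.113.5 admin 192.0.2.10 21 PASS *** 530
2009-09-08 10:00:03 203.0.113.5 admin 192.0.2.10 21 PASS *** 530
2009-09-08 10:00:04 203.0.113.5 admin 192.0.2.10 21 PASS *** 530
2009-09-08 10:00:05 203.0.113.5 admin 192.0.2.10 21 PASS *** 530
2009-09-08 10:00:09 203.0.113.5 admin 192.0.2.10 21 PASS *** 530
2009-09-08 10:00:30 198.51.100.7 bob 192.0.2.10 21 PASS *** 530
2009-09-08 10:00:35 198.51.100.7 bob 192.0.2.10 21 PASS *** 230
"""


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def brute_force_sources(text, max_failures=5, window_seconds=600):
    """Return {client_ip: ISO timestamp} for every source address that
    produced at least max_failures failed PASS commands inside any sliding
    window of window_seconds; the timestamp is the entry that hit the limit."""
    recent = defaultdict(deque)  # per-IP timestamps of recent failures
    hits = {}
    for e in parse_w3c(text):
        if e.get("cs-method") != "PASS" or e.get("sc-status") != "530":
            continue
        ts = datetime.strptime(e["date"] + " " + e["time"], "%Y-%m-%d %H:%M:%S")
        q = recent[e["c-ip"]]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= max_failures and e["c-ip"] not in hits:
            hits[e["c-ip"]] = ts.isoformat()
    return hits


if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG))
```

A real deployment would feed the returned addresses to a firewall rule with an expiry, which is what the Fail2Ban port automates.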