FYI...
- http://www.theregister.co.uk/2009/05...ersity_server/
20 May 2009 - "Hackers have wasted no time targeting a gaping hole in Microsoft's Internet Information Services webserver, according to administrators at Ball State University, who say servers that used the program were breached on Monday... On Monday, Microsoft confirmed what it called an "elevation of privilege vulnerability" in versions 5 and 6 of IIS when it runs an extension known as WebDAV. Microsoft said at the time it was unaware of any in-the-wild exploits of the vulnerability. The assessment was at odds with this warning*..."
* http://www.us-cert.gov/current/index...n_services_iis
updated May 19, 2009 - "... US-CERT is also aware of publicly available exploit code and active exploitation of this vulnerability... note that disabling WebDAV may affect the functionality of other applications such as SharePoint..."
- http://www.theregister.co.uk/2009/05...tate_retracts/
21 May 2009 - "Network administrators at Ball State University have retracted their claims that a campus website was brought down by a zero-day vulnerability in Microsoft's Internet Information Services webserver... corrects an advisory campus officials issued Tuesday that claimed the breach was the result of someone targeting a vulnerability in versions 5 and 6 of IIS that allows attackers to list, access, and in some cases upload files in a password-protected folders of vulnerable machines. The vulnerability exists when IIS uses the WebDAV protocol. The advisory was featured prominently on the university's website. "Initially, both Microsoft and Ball State suspected the intruder used the WebDAV vulnerability that was made public by Microsoft on May 15," Proudfoot said..."
Corrected CVE:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1676
Last revised: 05/20/2009
CVSS v2 Base Score: 7.6 (HIGH)
// http://forums.spybot.info/showpost.p...7&postcount=98