Alert - IIS 5.0 Vulnerabilities

Since few days ago, a new exploit has been found and attacking IIS 5.0 servers. Incidents.org has a write up on this, Infoworld got it covered as well. Apparently, it is hitting users using IE and IIS 5.0 servers, have seen couple of discussions in public newsgroups and other IIS community forum. At the moment Microsoft official posted latest alert about Download.Ject. from the page..

Reports indicate that Web servers running Windows 2000 Server and IIS that have not applied update 835732, which was addressed by Microsoft Security Bulletin MS04-011, are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code.

If you have not patch the related fixes, I strongly recommended that you do it NOW, and as good security practice, you should restrict or limit HTTP port 80 surfing from your IIS web server. It should be there to serves HTTP / HTTPS requests not as your surf station.

Published Friday, June 25, 2004 6:09 PM by bernard
Filed under:

Comments

# re: Alert - IIS 5.0 Vulnerabilities

Sunday, June 27, 2004 3:03 AM by bernard

Latest KB article about the exploit -
Internet Information Services (IIS) 5.0 – Download.Ject Detection and Recovery Advisory
http://support.microsoft.com/?id=871277

# re: Alert - IIS 5.0 Vulnerabilities

Monday, June 28, 2004 2:49 PM by bernard

More detail -
http://www.microsoft.com/presspass/press/2004/jun04/0625download-jectstatement.asp

# re: Alert - IIS 5.0 Vulnerabilities

Thursday, July 01, 2004 5:56 AM by bernard

Further information

# re: Alert - IIS 5.0 Vulnerabilities

Thursday, July 01, 2004 10:59 AM by bernard

Thanks.

# re: Alert - IIS 5.0 Vulnerabilities

Friday, July 02, 2004 11:36 PM by bernard

Latest Microsoft's response:
Microsoft has released a configuration change that addresses the recent malicious attack against Internet Explorer known as Download.Ject.

In addition, Microsoft has released a Knowledge Base article, 870669, that provides information that administrators can use to implement this change manually in their environment and to deploy the change across
their networks. This Knowledge Base article is available here:

http://support.microsoft.com/?id=870669

Customers are advised to review the information in the Knowledge Base article, test and deploy the change immediately in their environments, if applicable.