IIS Exploit released / Gagobot.XZ

Published: 2004-04-14
Last Updated: 2004-04-14 22:21:07 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
IIS Exploit Released
Today an exploit for a vulnerability on IIS became public available. This exploit targets one of the 14 vulnerabilities fixed on Microsoft MS04-011 Security Update, the SSL Vulnerability (Denial Of Service).
Although this is a DoS exploit, due the amount of vulnerabilities fixed on the recent patches, exploits with remote code execution may be expected soon.


We are still receiving complaints about users having problems downloading MS Patches released yesterday. This behavior could be due to the load caused by the updates released yesterday.


A new variant of Gaobot is also scanning port 5000 besides the common ports, trying to explore an old vulnerability of the UPnP service , described in Microsoft Security Bulletin MS01-059.

Judging by the recent variants, looks like the virus writers are trying, more than usual, get unpatched machines, both exploring services,a la UPnP , and applications , i.e. Netsky.P, which was exploring a vulnerability in Internet Explorer, released in 2001.

References: http://www.sarc.com/avcenter/venc/data/w32.gaobot.zx.html

ISC WebCast

Did you miss the monthly ISC webcast? Check http://www.sans.org/webcasts/archive.php


Handler on duty: Pedro Bueno (bueno_AT_ieee.org)
0 comment(s)


Diary Archives