Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: IIS Exploit released / Gagobot.XZ SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
IIS Exploit released / Gagobot.XZ
IIS Exploit Released
Today an exploit for a vulnerability on IIS became public available. This exploit targets one of the 14 vulnerabilities fixed on Microsoft MS04-011 Security Update, the SSL Vulnerability (Denial Of Service).
Although this is a DoS exploit, due the amount of vulnerabilities fixed on the recent patches, exploits with remote code execution may be expected soon.


We are still receiving complaints about users having problems downloading MS Patches released yesterday. This behavior could be due to the load caused by the updates released yesterday.


A new variant of Gaobot is also scanning port 5000 besides the common ports, trying to explore an old vulnerability of the UPnP service , described in Microsoft Security Bulletin MS01-059.

Judging by the recent variants, looks like the virus writers are trying, more than usual, get unpatched machines, both exploring services,a la UPnP , and applications , i.e. Netsky.P, which was exploring a vulnerability in Internet Explorer, released in 2001.


ISC WebCast

Did you miss the monthly ISC webcast? Check


Handler on duty: Pedro Bueno (

155 Posts
ISC Handler
Apr 14th 2004

Sign Up for Free or Log In to start participating in the conversation!