Unpatched Microsoft IIS 6 web server flaw affects millions of websites

By: Jay Decenella

Microsoft might not be able to fix a zero-day vulnerability in an older version of its Internet Information Services web server that attackers targeted in July and August of last year. The exploit lets attackers execute malicious code on Windows servers running IIS 6.0, with the privileges of the user account under which the application runs. A proof-of-concept exploit for the vulnerability in IIS 6.0 is now publicly available on GitHub, and while IIS 6.0 is no longer supported, it remains widely used even today. Support for this version of IIS stopped in July of last year along with support for its parent product, Windows Server 2003.

The news raises concern among security professionals because web server surveys indicate that IIS 6.0 is still used by millions of public websites. It is also likely that many companies still run internal web applications on Windows Server 2003 and IIS 6.0. Attackers who gain a foothold in a corporate network could therefore use the flaw for lateral movement.

Until recently, only a few attackers were aware of the vulnerability. Since its publication on GitHub, there is evidence that many more attackers now have access to the unpatched flaw. Security vendor Trend Micro offers the following explanation of the vulnerability:

A remote attacker could exploit this vulnerability in the IIS WebDAV component with a crafted request using the PROPFIND method. Successful exploitation could result in a denial of service condition or arbitrary code execution in the context of the user running the application. According to the researchers who found this flaw, this vulnerability was exploited in the wild in July or August 2016. It was disclosed to the public on March 27. Other threat actors are now in the stages of creating malicious code based on the original proof-of-concept (PoC) code.

Trend Micro noted that Web Distributed Authoring and Versioning (WebDAV) is an extension of the standard Hypertext Transfer Protocol that lets users create, change and move documents on a server. The extension provides support for several request methods such as PROPFIND. The company recommends disabling the WebDAV service on IIS 6.0 installations to help mitigate the issue.
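As an added example (not from the article, Trend Micro, or Microsoft), the following Python script scans IIS 6.0 W3C extended log lines and flags WebDAV requests such as PROPFIND, which should no longer appear once the WebDAV service has been disabled as recommended. The log sample is constructed, and the check for 5xx responses is a review heuristic of my own, not something the article states.

```python
from collections import Counter

# Constructed sample of an IIS 6.0 W3C extended log (not from the article).
# The #Fields directive names the columns, so the parser is not tied to one layout.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2017-03-28 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2017-03-28 10:01:02 10.0.0.5 GET /index.htm - 80 - 192.0.2.10 Mozilla/5.0 200 0 0
2017-03-28 10:01:09 10.0.0.5 PROPFIND / - 80 - 198.51.100.7 Microsoft-WebDAV-MiniRedir/6.1 207 0 0
2017-03-28 10:01:10 10.0.0.5 PROPFIND /aaaa - 80 - 198.51.100.7 Microsoft-WebDAV-MiniRedir/6.1 500 0 0
2017-03-28 10:01:11 10.0.0.5 OPTIONS / - 80 - 198.51.100.7 Microsoft-WebDAV-MiniRedir/6.1 200 0 0
2017-03-28 10:02:30 10.0.0.5 POST /login.asp - 80 - 192.0.2.10 Mozilla/5.0 302 0 0
"""

# WebDAV request methods that should not be served once the extension is disabled.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            yield dict(zip(fields, line.split()))

def find_webdav_requests(text):
    """Return entries whose method is a WebDAV method. On a host where WebDAV was
    disabled as mitigation, any hit means the extension is still reachable."""
    return [e for e in parse_w3c(text) if e.get("cs-method") in WEBDAV_METHODS]

def summarize(text):
    """Count WebDAV requests per client IP and list PROPFIND requests that ended in
    a 5xx status (heuristic: worth reviewing given the denial-of-service outcome)."""
    hits = find_webdav_requests(text)
    per_client = Counter(e["c-ip"] for e in hits)
    failed_propfind = [e for e in hits
                       if e["cs-method"] == "PROPFIND" and e["sc-status"].startswith("5")]
    return per_client, failed_propfind

if __name__ == "__main__":
    per_client, failed = summarize(SAMPLE_LOG)
    for ip, n in per_client.items():
        print(f"{ip}: {n} WebDAV request(s)")
    for e in failed:
        print("PROPFIND with server error:", e["date"], e["time"], e["cs-uri-stem"], e["sc-status"])
```

Point the script at a real log file by reading it into a string in place of SAMPLE_LOG; the parser only relies on the #Fields header that IIS writes at the top of each log.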

