Zero-day flaw leaves 600,000 outdated Windows Server systems vulnerable

Two security researchers from the South China University of Technology in Guangzhou have published details of an unpatched security hole in Windows Server 2003. According to an entry on GitHub, the vulnerability, tracked as CVE-2017-7269, has been used since July or August 2016 for attacks on the obsolete server operating system, which Microsoft no longer supports. Around 600,000 vulnerable servers are currently active on the Internet worldwide.

End of support for Windows Server 2003 (image: Microsoft)

According to an investigation by Trend Micro, an unauthorized attacker could remotely inject and execute malicious code, or at least cause a denial of service. The actual error, a buffer overflow, is in the WebDAV component of Microsoft Internet Information Services (IIS) 6.0. Newer versions of the web server are not affected.

The buffer overflow is triggered by an overly long string in the "If" header of a "PROPFIND" request, because IIS 6.0 checks such requests incorrectly. At least two HTTP resources must be defined in the header. According to Trend Micro, a denial of service results if the attempt to inject and execute malicious code fails.
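A defensive check for the request shape described above, as an added example that is not from the article or from Trend Micro: it flags PROPFIND requests whose If header is unusually long and names at least two resources. The 1024-byte threshold, the function names and the sample requests are assumptions constructed for illustration.

```python
MAX_IF_HEADER_BYTES = 1024  # assumed tuning value, not taken from the article

def parse_head(raw: bytes):
    """Return (method, headers) from a raw HTTP request head; header names lowercased."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers, last = {}, None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last:          # obsolete folded continuation line
            headers[last] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip().lower()
            # Repeated header lines are joined so a split If header is still measured whole.
            headers[last] = (headers[last] + ", " if last in headers else "") + value.strip()
    return method, headers

def count_resource_tags(if_value: str) -> int:
    """Count <...> resource tags that sit outside parenthesised condition lists."""
    depth = tags = 0
    for ch in if_value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif ch == "<" and depth == 0:
            tags += 1
    return tags

def is_suspicious(raw: bytes) -> bool:
    """True for a PROPFIND whose If header is oversized and names two or more resources."""
    method, headers = parse_head(raw)
    if_value = headers.get("if", "")
    return (method.upper() == "PROPFIND" and len(if_value) > MAX_IF_HEADER_BYTES
            and count_resource_tags(if_value) >= 2)

def build(method: str, if_value: str) -> bytes:  # constructed request head for the samples
    return f"{method} / HTTP/1.1\r\nHost: example.test\r\nIf: {if_value}\r\n\r\n".encode("latin-1")

# Constructed samples (not captured traffic); the long path is plain padding.
LOCK = "(<urn:uuid:00000000-0000-0000-0000-000000000000>)"
NORMAL = build("PROPFIND", f"<http://example.test/a> {LOCK} <http://example.test/b> {LOCK}")
OVERSIZED = build("PROPFIND", f"<http://example.test/{'a' * 2000}> {LOCK} <http://example.test/b> {LOCK}")
LONG_GET = build("GET", f"<http://example.test/{'a' * 2000}> {LOCK} <http://example.test/b> {LOCK}")

if __name__ == "__main__":
    for name, req in (("normal", NORMAL), ("oversized", OVERSIZED), ("long GET", LONG_GET)):
        print(name, is_suspicious(req))
```

The same test can sit in a reverse proxy or log pipeline in front of a legacy IIS 6.0 host; the threshold should be tuned against the If headers that legitimate WebDAV clients in the environment actually send.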

According to the researchers, Microsoft has already been informed of the vulnerability. Since extended support for Windows Server 2003 was discontinued in July 2015, it is not to be assumed that the software company will provide a patch for the zero-day vulnerability.

A search for Microsoft IIS 6.0 in the device search engine Shodan returns approximately 600,000 potentially vulnerable servers worldwide. Most of them are located in the USA (286,000 servers) and China (114,000 servers). Hong Kong, the United Kingdom and Canada are also in the top 5. For Germany, Shodan returns approximately 6,700 vulnerable hosts.

Trend Micro recommends that operators who still use IIS 6.0 disable the WebDAV component. Alternatively, the company advises switching to a newer version of Windows Server, which also contains a newer version of Internet Information Services.


[With material by Zack Whittaker, ZDNet.com]
