Attackers have been using a zero-day exploit in IIS 6.0 to take control of Windows servers. The worst part is that IIS 6.0 was originally released in 2010 and shipped with Windows Server 2003 and Windows XP Professional x64 Edition. The zero-day was discovered by two Chinese researchers from the Information Security Lab and School of Computer Science and Engineering, Guangzhou, China.
Zero-day exploit in IIS 6.0
The researchers published the proof of concept a couple of days ago. Microsoft acknowledged the flaw but couldn’t fix it, because IIS 6.0 falls under end-of-life (EOL) products for which the company has stopped issuing updates. Zero-day vulnerabilities are ones that remain unknown even after the production build goes live.
That said, the vulnerability only affects IIS 6.0, and there is a possibility that older operating systems may have installed updates that make them vulnerable to the threat. The sad part, though, is that IIS 6.0 accounts for nearly 11.3% of all IIS installations, and double digits of the entire web server market is indeed a huge number that needs to be attended to.
The experts further explained that the IIS 6.0 zero-day affects WebDAV, a service designed to simplify sharing and content authoring. Attackers can craft and send a malicious PROPFIND request laced with an oversized If header; once it is delivered, the buffer overflows, allowing the attackers to execute code on the target server.
The zero-day, tracked as CVE-2017-7269, has the potential to take over Windows servers, which is why one either needs to update their IIS servers or, if they can’t upgrade, disable the WebDAV service. Cyber security firm 0patch has also released a makeshift patch for it, which server owners can use to protect their systems from attacks.
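One way to screen for the request shape described above at a proxy or in captured traffic, as an added example that is not part of the original article. The 1024-byte limit, the function names and the sample requests are assumptions constructed for illustration.

```python
# Added example: flag WebDAV PROPFIND requests that carry an oversized If header.
MAX_IF_BYTES = 1024  # assumed limit, not from the article; tune to your clients


def parse_head(raw: bytes):
    """Parse a raw HTTP request head into (method, headers)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers, last = {}, None
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t") and last:
            # Folded continuation line: counts toward the previous header.
            headers[last] += b" " + line.strip()
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            continue
        last = name.strip().lower().decode("ascii", "replace")
        # Repeated headers are joined so splitting the value cannot dodge the limit.
        prev = headers.get(last)
        headers[last] = value.strip() if prev is None else prev + b", " + value.strip()
    return parts[0].decode("ascii", "replace"), headers


def verdict(raw: bytes, limit: int = MAX_IF_BYTES) -> str:
    """'block' for PROPFIND with an If header over the limit, 'reject' for an
    unparseable head, otherwise 'allow'."""
    try:
        method, headers = parse_head(raw)
    except ValueError:
        return "reject"
    if method.upper() == "PROPFIND" and len(headers.get("if", b"")) > limit:
        return "block"
    return "allow"


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "plain_get": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "normal_propfind": b"PROPFIND /docs/ HTTP/1.1\r\nHost: example.test\r\nDepth: 1\r\n"
                       b"If: (<opaquelocktoken:constructed-token>)\r\n\r\n",
    "oversized_if": b"PROPFIND / HTTP/1.1\r\nHost: example.test\r\n"
                    b"If: " + b"A" * 4096 + b"\r\n\r\n",
    "split_if": b"PROPFIND / HTTP/1.1\r\nHost: example.test\r\n"
                + b"".join(b"if: " + b"A" * 600 + b"\r\n" for _ in range(2)) + b"\r\n",
    "garbage": b"\x00\x01\r\n\r\n",
}
```

The `split_if` sample shows why repeated header lines are summed before the length check: each line is under the limit on its own, but the combined value is not.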