![]() |
![]() |
![]() |
New IIS Hole Pt 2 http://www.incidents.org/
Dennis Forbes
Sounds like there is speculation that it is coming in over an SSL exploit. Was your friend running SSL? I'm just about to put my first IIS box into production. This is the last thing I want to deal with.
christopher baus (www.baus.net)
Indeed they do have SSL running.
Dennis Forbes
This is yet another reason to run a logging reverse proxy.
christopher baus (www.baus.net)
Is it this?
Nate Silva
Here's Microsoft's response: http://www.microsoft.com/security/incident/download_ject.mspx
r1ch
IIS
Thanks Microsoft
And all the admins that are complaining that this is all MS's fault because they had all of IIS's patches applied need to find new jobs (and may find themselves urged to do so by their employers).
Greg Hurlman
I just looked over that patch. There are about 10 different fixes in there. I would like to know how exactly the systems were infected.
christopher baus (www.baus.net)
<i>And all the admins that are complaining that this is all MS's fault because they had all of IIS's patches applied need to find new jobs (and may find themselves urged to do so by their employers).
w
Got URLs? I'm not trying to refute you; I just want to read for myself.
Greg Hurlman
Did that patch fix the hole in IIS that allowed the rogue code onto the servers -- or did it also fix the hole in IE that infects people who browse the sites?
Nate Silva
Yea
christopher baus (www.baus.net)
I'm surprised to hear that it's an SSL hole. In MS04-011, they say that the SSL hole is just a "denial of service" one, not a "remote code execution" one.
PaulJ
|