If you’ve not installed a patch recently, read on…

A Venezuelan security consultant has released a small program designed to compromise Microsoft Internet Information Service servers that haven’t had a recent security hole patched. Monday’s public release of the program’s source code – known in security parlance as an exploit – will allow less technically knowledgeable system administrators to test for the existence of the vulnerability or allow less skillful miscreants to attack servers.

“I released (the code) to enlighten the public and to promote system security for administrators unfamiliar with these exploits,” said Rafael Nunez, information security consultant for Scientech de Venezuela and a former hacker who used the handle “RaFa.”

The release of the code on two security lists – BugTraq and VulnWatch – is the latest twist in the story of the Windows 2000 flaw that Microsoft announced a week ago. The flaw, which Microsoft said could be exploited through the World Wide Web Distributed Authoring and Versioning (WebDAV) component of Internet Information Service (IIS) 5.0, allows an attacker to take control of the server. The flaw was discovered March 12 by the US military after a public web server was compromised by the vulnerability.