
IIS 6.0, ntpd, and new netbooks coming preloaded with malware

New vulnerabilities have been reported for IIS 6.0 users who have WebDAV enabled. The vulnerability allows escalation of privileges if a specially crafted HTTP GET request is made to the vulnerable server. More information can be found in the MS Security Advisory here: http://www.microsoft.com/technet/security/advisory/971492.mspx

A new vulnerability has also been discovered for ntpd users who have configured the service to use autokey. Servers running a vulnerable version of ntpd with autokey enabled may be exposed to a remote buffer overflow from an unauthenticated user, which could allow arbitrary code execution. All users of the ntpd service should update their versions immediately. More information can be found on the US-CERT website: http://www.kb.cert.org/vuls/id/853097
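One way to check whether a host's ntpd configuration enables autokey, as an added example that is not part of the original post: it flags active `crypto` directives and `autokey` options on association lines in `ntp.conf`. The sample configuration, host names and password below are constructed.

```python
# Audit an ntp.conf for settings that turn on autokey.
# Added example; the sample configuration is constructed, not from a real host.

# ntp.conf association commands that accept the "autokey" option
ASSOC_COMMANDS = {"server", "peer", "broadcast", "manycastclient"}

SAMPLE_CONF = """\
# constructed sample ntp.conf
driftfile /var/lib/ntp/ntp.drift
server 0.pool.example.org iburst
server time.example.org autokey
# crypto pw oldsecret
crypto pw examplepw
keysdir /etc/ntp
peer 192.0.2.10 key 5   # symmetric key, not autokey
"""


def find_autokey_lines(conf_text):
    """Return (line_number, reason, text) for each active line enabling autokey."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        # '#' starts a comment that runs to the end of the line
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        command = tokens[0].lower()  # compared case-insensitively to be conservative
        if command == "crypto":
            findings.append((lineno, "crypto directive", line))
        elif command in ASSOC_COMMANDS:
            # tokens[1] is the address; everything after it is an option
            options = [t.lower() for t in tokens[2:]]
            if "autokey" in options:
                findings.append((lineno, "autokey association", line))
    return findings


if __name__ == "__main__":
    hits = find_autokey_lines(SAMPLE_CONF)
    for lineno, reason, text in hits:
        print(f"line {lineno}: {reason}: {text}")
    if not hits:
        print("no active autokey configuration found")
```

To audit a real host, pass the contents of its configuration file (commonly `/etc/ntp.conf`) to `find_autokey_lines` instead of the sample.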

Finally, there have been a few stories of malware being pre-installed on newly purchased netbooks. The worm uses Windows' autorun functionality to infect any writable removable media (flash drives, external hard drives, etc.), so that whenever the removable disk is plugged into another Windows-based machine with autorun enabled, the new machine becomes infected. More information on this new autorun worm can be found here: http://www.viruslist.com/en/weblog?weblogid=208187720

Posted by Brett Davis on May 21, 2009, in Handlers Log.