IIS 6.0, ntpd, and new netbooks coming preloaded with malware

New vulnerabilities have been reported for IIS 6.0 users who have WebDAV enabled. The vulnerability allows escalation of privileges if a specially crafted HTTP GET request is made to the vulnerable server. More information can be found in the MS Security Advisory here: http://www.microsoft.com/technet/security/advisory/971492.mspx

There has also been a new vulnerability discovered for ntpd users who have configured the service to use autokey. Servers running a vulnerable version of ntpd with autokey enabled may find themselves vulnerable to a remote buffer overflow from an unauthenticated user, which could allow for arbitrary code execution. All users of the ntpd service should update their versions immediately. More information can be found on the US CERT website: http://www.kb.cert.org/vuls/id/853097

Finally, there have been a few stories of malware being pre-installed on newly purchased netbooks. The worm uses Windows' autorun functionality to infect any writable removable media (flash drives, external hard drives, etc.) so that whenever the removable disk is plugged into another Windows-based machine with autorun enabled, the new machine will become infected. More information on this new autorun worm can be found here: http://www.viruslist.com/en/weblog?weblogid=208187720
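For checking removable media before it goes into another machine, here is an added example (not part of the original post) that audits the text of an `autorun.inf` file and reports the entries that would launch a program. The sample file contents and paths are constructed, and the junk-line padding in the sample is an assumption about how such files may be disguised, which is why the parser is lenient rather than a strict INI reader.

```python
import re

# Keys in the [autorun] section that cause Windows to run a program.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample: junk lines, mixed case and padding around two launch entries.
SAMPLE_SUSPICIOUS = """\
;qwertyjunk
[AutoRun]
  ;padding
ICON=%SystemRoot%\\system32\\shell32.dll,4
Open = tools\\setup.exe
shell\\Explore\\Command=tools\\setup.exe /q
action=Open folder to view files
"""

# Constructed sample: a label and icon only, nothing that executes.
SAMPLE_BENIGN = """\
[autorun]
label=Backup Drive
icon=drive.ico
"""


def audit_autorun(text):
    """Return (line_no, key, command) for each entry that launches code."""
    findings = []
    in_autorun = False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # tolerate junk lines instead of failing on them
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if EXEC_KEYS.match(key) and value:
            findings.append((line_no, key.lower(), value))
    return findings


if __name__ == "__main__":
    for line_no, key, cmd in audit_autorun(SAMPLE_SUSPICIOUS):
        print(f"line {line_no}: {key} -> {cmd}")
```

Any finding on a drive that is not expected to carry an installer is a reason to quarantine the media and inspect the referenced file.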

Posted by Brett Davis on May 21, 2009, in Handlers Log.
