« previous next »
Pages: [1]

Author Topic: Microsoft tells hackers how to take apart its IIS  (Read 2078 times)

Offline W1nTry

  • Administrator
  • Akatsuki
  • *****
  • Posts: 11329
  • Country: tt
  • Chakra 109
  • Referrals: 3
    • View Profile
  • CPU: Intel Core i7 3770
  • GPU: Gigabyte GTX 1070
  • RAM: 2x8GB HyperX DDR3 2166MHz
  • Broadband: FLOW
  • Steam: W1nTry
  • XBL: W1nTry
Microsoft tells hackers how to take apart its IIS
« on: June 06, 2007, 09:28:28 AM »
Errr...
Quote
As if they needed a hand

By Nick Farrell: Wednesday 06 June 2007, 10:37
MICROSOFT IS showing all comers how to hack into its Internet Information Server and is not giving any hints how to work around the problem.

The Vole says an exploit, which was discovered on December 15, 2006, and made public at the end of May, is actually a feature.

Apparently versions 5.x allow bypass of basic authentication by using the "hit highlight" feature. The hit-highlighting feature can be used by an unauthorised user to nick documents.

The Internet Storm Centre says that hackers have not used this exploit to take over systems to date, that could well change. Especially now we've told them about it.

The Vole has written up the problem in its Knowledge Base article 328832. Apparently, hit-highlighting with Webhits.dll only relies on the Microsoft Windows NT ACL (Access Control List) configuration on 5.x versions.

Security experts are a bit stunned at the Volish attitude. Rather than supply a patch or workaround, Microsoft published six steps to reproduce the exploit. In otherwords Vole is telling the world how to exploit products being used by their customers.

The official Volish line is that all users should upgrade to IIS (Internet Information Services) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security, it says here.
Logged

Carigamers

Microsoft tells hackers how to take apart its IIS
« on: June 06, 2007, 09:28:28 AM »

Offline Saxito Pau

  • Global Moderator
  • Akatsuki
  • *
  • Posts: 3848
  • Country: tt
  • Chakra 15
  • Worms will never die!
    • Original NES
  • Referrals: 2
    • View Profile
  • CPU: Intel Core i7-3770
  • GPU: EVGA GTX 970 SC ACX2.0
  • RAM: Crucial Tracer 16GB DDR3-1600
  • BattleNet ID: SaxitoPau#1996
  • Broadband: Flow 60Mbps
  • Steam: Saxito Pau
Re: Microsoft tells hackers how to take apart its IIS
« Reply #1 on: June 06, 2007, 09:43:53 AM »
This is an interesting ploy.

M$: "IIS5 is bad and we know it. IIS6 is better (just as bad and you don't know it). Don't want to upgrade to IIS6? Well we're not patching it, you idiot! We'll force you to upgrade by telling all the hackers how to breach IIS5.  *link to instructions*  Don't say you weren't warned!!"
Logged
God is dead.

Offline SPK

  • Ancient
  • Sannin
  • *****
  • Posts: 2654
  • Country: 00
  • Chakra 16
  • You ever wonder why we're here...?
    • Glorious PC Gaming Master Race.
  • Referrals: 0
    • View Profile
  • CPU: AMD FX 8320
  • GPU: Sapphire Radeon 7870 2GB
  • RAM: 2 x 4GB Kingston HyperX DDR3-1333.
  • Broadband: Flow.
  • Steam: spk1983tt
Re: Microsoft tells hackers how to take apart its IIS
« Reply #2 on: June 06, 2007, 10:01:02 AM »
Quote
The Vole says an exploit, which was discovered on December 15, 2006, and made public at the end of May, is actually a feature.

Damn, they really ARE becoming Ubersoft....

*waits for the Dark Lord of Ubersoft (Mr. Hoppy) to arise with his flaming "BOSS" letters floating around him...*
Logged
Nagamete iru dake ja, itsumademo te ni dekinai...nagamete iru dake ja, kimi no mono ni wa naranai...

ssssssSSSSSSS...That's a nice everything you got there....SSSSSSS.

Carigamers

Re: Microsoft tells hackers how to take apart its IIS
« Reply #2 on: June 06, 2007, 10:01:02 AM »
Pages: [1]
« previous next »
 


* ShoutBox

Refresh History
  • Crimson609: yea everything cool how are you?
    August 10, 2022, 07:26:15 AM
  • Pain_Killer: Good day, what's going on with you guys? Is everything Ok?
    February 21, 2021, 05:30:10 PM
  • Crimson609: BOOM covid-19
    August 15, 2020, 01:07:30 PM
  • Shinsoo: bwda 2020 shoutboxing. omg we are in the future and in the past at the same time!
    March 03, 2020, 06:42:47 AM
  • TriniXjin: Watch Black Clover Everyone!
    February 01, 2020, 06:30:00 PM
  • Crimson609: lol
    February 01, 2020, 05:05:53 PM
  • Skitz: So fellas how we go include listing for all dem parts for pc on we profile but doh have any place for motherboard?
    January 24, 2020, 09:11:33 PM
  • Crimson609: :ph34r:
    January 20, 2019, 09:23:28 PM
  • Crimson609: Big up ya whole slef
    January 20, 2019, 09:23:17 PM
  • protomanex: Gyul like Link
    January 20, 2019, 09:23:14 PM
  • protomanex: Man like Kitana
    January 20, 2019, 09:22:39 PM
  • protomanex: Man like Chappy
    January 20, 2019, 09:21:53 PM
  • protomanex: Gyul Like Minato
    January 20, 2019, 09:21:48 PM
  • protomanex: Gyul like XJin
    January 20, 2019, 09:19:53 PM
  • protomanex: Shout out to man like Crimson
    January 20, 2019, 09:19:44 PM
  • Crimson609: shout out to gyal like Corbie Gonta
    January 20, 2019, 09:19:06 PM
  • cold_187: Why allur don't make a discord or something?
    December 03, 2018, 06:17:38 PM
  • Red Paradox: https://www.twitch.tv/flippay1985 everyday from 6:00pm
    May 29, 2018, 09:40:09 AM
  • Red Paradox: anyone play EA Sports UFC 3.. Looking for a challenge. PSN: Flippay1985 :)
    May 09, 2018, 11:00:52 PM
  • cold_187: @TriniXjin not really, I may have something they need (ssd/ram/mb etc.), hence why I also said "trade" ;)
    February 05, 2018, 10:22:14 AM
SimplePortal 2.3.3 © 2008-2010, SimplePortal