Mtnjim
06-25-2004, 02:02 PM
:frustrate FYI:
Security Alert, June 25, 2004
IIS Sites and IE Users Under Attack
A new
form of attack is spreading around the Internet, but to what
extent remains unknown at the time of this writing.
The attack affects
unpatched Microsoft IIS systems, which, when compromised, then attack
unprotected Microsoft
Internet Explorer (IE) systems.
Malicious users use an overflow condition in IIS to compromise an
unpatched
system. The vulnerability is related to the Private
Communications Transport (PCT) in Microsoft's SSL library.
Malicious
Javascript code is inserted into a Web page, and when unprotected IE
users visit the compromised Web
page, IE might run the Javascript code
on the user's system. The code then injects the system with
the
attacker's code of choice.
If possible, administrators should install Microsoft patch MS04-011
to
protect IIS. According to iDEFENSE, IE users are being compromised
with a combination of two vulnerabilities: One
of these
vulnerabilities is related to a problem in MIME Encapsulated Aggregate
HTML (MHTML), and the other is
related to ADO databases (ADODB).
Microsoft has made the MS04-013 patch available for the MHTML problem,
but
no patch is yet available for the ADODB vulnerability. IE users
should consider disabling active scripting in IE
to protect their
systems against these attacks.
http://secadministrator.com/articles/index.cfm?articleid=43088
For more details about this
vulnerability, as well as links to
patches, workarounds, and Intrusion Detection System (IDS) signatures
to
help detect this attack, be sure to visit our Web site at the
provided URL.
Security Alert, June 25, 2004
IIS Sites and IE Users Under Attack
A new
form of attack is spreading around the Internet, but to what
extent remains unknown at the time of this writing.
The attack affects
unpatched Microsoft IIS systems, which, when compromised, then attack
unprotected Microsoft
Internet Explorer (IE) systems.
Malicious users use an overflow condition in IIS to compromise an
unpatched
system. The vulnerability is related to the Private
Communications Transport (PCT) in Microsoft's SSL library.
Malicious
Javascript code is inserted into a Web page, and when unprotected IE
users visit the compromised Web
page, IE might run the Javascript code
on the user's system. The code then injects the system with
the
attacker's code of choice.
If possible, administrators should install Microsoft patch MS04-011
to
protect IIS. According to iDEFENSE, IE users are being compromised
with a combination of two vulnerabilities: One
of these
vulnerabilities is related to a problem in MIME Encapsulated Aggregate
HTML (MHTML), and the other is
related to ADO databases (ADODB).
Microsoft has made the MS04-013 patch available for the MHTML problem,
but
no patch is yet available for the ADODB vulnerability. IE users
should consider disabling active scripting in IE
to protect their
systems against these attacks.
http://secadministrator.com/articles/index.cfm?articleid=43088
For more details about this
vulnerability, as well as links to
patches, workarounds, and Intrusion Detection System (IDS) signatures
to
help detect this attack, be sure to visit our Web site at the
provided URL.