IIS Vulnerability Update: Symantec Has (Maybe) Snagged Offending Code
"SSL worm" has maybe already been found

On April 22 Microsoft became aware of code available on the Internet that seeks to exploit vulnerabilities already addressed by its April 13 security updates. The code attempts to use the IIS PCT/SSL vulnerability on servers running Internet Information Services with Secure Sockets Layer authentication enabled. The vulnerability was addressed by bulletin MS04-011 (www.windowsupdate.com), and Microsoft urged all customers to immediately install the MS04-011 update as well as the other critical updates provided on April 13.

In addition, Microsoft published Knowledge Base article KB187498 at http://support.microsoft.com/default.aspx?scid=kb;en-us;187498, which provides additional details on SSL and explains how to disable PCT without applying MS04-011.

Now Symantec's "DeepSight Threat" network - a global group of sensors that tracks up-and-coming exploits - is reported to have obtained a copy of the code on April 27.

"The sample is automated code, but whether it's a bot or actually a worm, we don't yet know," said Alfred Huger, the senior director of engineering with Symantec's security response team.

Only a worm can infect other systems indirectly, by sending itself via e-mail or tucking copies into shared folders, Huger explained. But either way, he urged everyone to expedite their patching of this vulnerability.

"If this isn't a worm, I think we'll see one in short order," he said.

About Security News Desk
SYS-CON's Security News Desk trawls the world of security for news of software, hardware, products, and services that seem likely to be of interest to infosec professionals and summarizes it for easy assimilation by busy IT managers and staff.
