Re: 500,000 Windows web servers hosed

["Larry Seltzer" <larry () larryseltzer com>]

Krebs seems to be wrong about this being an IIS vulnerability,
particularly the token privilege escalation thing. 

See http://hackademix.net/2008/04/26/mass-attack-faq/ for an explanation
of what's happening; that author calls it sort-of-kind-of a
vulnerability because "this mass automated epidemic is due to specific
features of Microsoft databases, allowing the exploit code to be
generic, rather than tailored for each single web site."

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Rich Kulawiec
Sent: Friday, April 25, 2008 7:38 PM
To: funsec () linuxbox org
Subject: [funsec] 500,000 Windows web servers hosed

Brian Krebs of the Washington Post:

        Hundreds of Thousands of Microsoft Web Servers Hacked
        
http://blog.washingtonpost.com/securityfix/2008/04/hundreds_of_thousands
_of_micro_1.html
 
Further commentary:
 
        500 Thousand MS Web Servers Hacked
        http://it.slashdot.org/article.pl?sid=08/04/25/1358234
 
---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.