Over the last few days there have been many articles written about an issue in Microsoft’s Internet Information Services (IIS). This issue allows an attacker to bypass normal security restrictions when uploading a file to a Web application running on a vulnerable version of IIS. This issue could allow an attacker to upload and execute arbitrary code with the privileges of the Web server.
There are varying reports on the severity of this issue, but according to Microsoft only poorly configured Web servers are at risk from this issue:
“An attacker would have to be authenticated and have write access to a directory on the web server with execute permissions which does not align with best practices or guidance Microsoft provides for secure server configuration.”
Essentially your site is at risk if it:
- Runs on IIS.
- Allows files to be uploaded.
- Has execute permissions for the directory where the uploaded files are stored.
On December 28, Metasploit added support into their framework to allow exploitation of this issue. This makes it trivial to compromise badly configured servers as outlined above. This development could see a rise in exploitation of this issue.
With information on this issue in the public domain and tools available to easily exploit this issue we urge everyone to ensure their Web applications are properly configured.