FYI for those running Win2000/2003-based FTP sites - 0-day security vuln
Sep 1, 2009
Exploit code for a remote buffer overflow in the Microsoft FTP service found in IIS 5.0 (Win2000) and IIS 6.0 (Win2003) is making the rounds on the internet underground. The likelihood of an FTP worm evolving from this is pretty high.
There is some debate on the severity of it on Win2003's FTP service. Some say DoS only, some say remote code execution. No debate when talking about Win2000's FTP service: it's nasty and exploitable for remote code execution.
Actions to consider?
If you've got Win2000/Win2003 with the FTP service exposed to the internet, you would be wise to stop and disable the FTP service on them ASAP till Microsoft gets it patched. No official word from Microsoft on this yet; they are probably just learning of it themselves.
You could just block FTP at the firewall, but that may not be bulletproof depending on your setup. I'd do both!
While this exploit code is very new, you'd probably be wise to check your potentially exposed servers extra closely while you're on them.
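As an added example (not part of the original post), a PowerShell script that stops and disables the IIS FTP service and then confirms nothing on the host still listens on TCP/21. It assumes Windows PowerShell with WMI access and netstat.exe on the server; MSFTPSVC is the service name of the IIS 5.0/6.0 FTP service.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell with
# WMI access and netstat.exe on the host. MSFTPSVC is the service name of the
# IIS 5.0/6.0 FTP service on Win2000/Win2003.
param([switch]$Remediate)   # without -Remediate the script only reports

$svcName = 'MSFTPSVC'

# Win32_Service exposes both the run state and the start mode (Auto/Manual/Disabled).
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'"
if ($null -eq $svc) {
    Write-Host "$svcName is not installed on this host."
} else {
    Write-Host ("{0}: State={1} StartMode={2}" -f $svc.Name, $svc.State, $svc.StartMode)
    if ($Remediate) {
        if ($svc.State -ne 'Stopped') {
            Stop-Service -Name $svcName -Force
        }
        # 'Disabled' keeps it down across reboots until the patch is applied.
        Set-Service -Name $svcName -StartupType Disabled
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'"
        Write-Host ("after remediation: State={0} StartMode={1}" -f $svc.State, $svc.StartMode)
    }
}

# Independently of the service state, confirm nothing listens on TCP/21
# (a third-party FTP daemon or a re-enabled service would show up here).
$listeners = @()
foreach ($line in (netstat -ano -p tcp)) {
    if ($line -match '^\s*TCP\s+\S+:21\s+\S+\s+LISTENING\s+(\d+)\s*$') {
        $owner = Get-Process -Id ([int]$matches[1]) -ErrorAction SilentlyContinue
        $procName = 'unknown'
        if ($owner) { $procName = $owner.ProcessName }
        $listeners += New-Object PSObject -Property @{
            Line    = $line.Trim()
            Process = $procName
        }
    }
}
if ($listeners.Count -eq 0) {
    Write-Host 'No TCP/21 listener found.'
} else {
    Write-Host 'TCP/21 is still listening:'
    $listeners | Format-Table -AutoSize
}
```

Run it without switches first to see the current state, then with -Remediate from an elevated prompt; the firewall rule the post recommends is a separate step and is not covered by this script.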