Silicon Shecky

It seems that a vulnerability in Direct X’s Direct Show subsystem is coming under attack. Now the vulnerability allows execution of code, but only as the logged on user, which means if you are smart, then the normal user account does not have admin rights, and code executed through this vulnerability won’t be able to do as much.

The thing that makes this so major, even though it doesn’t automatically grant admin rights, is the fact that Direct X is used for a lot of multimedia applications. In fact most games use either Direct X or Open GL for rendering. Now add on that the issue is with a Quicktime subroutine in Direct Show, and that even if you have Quicktime installed on your system, the Direct X exploit Can still be access, and you have the makings of a huge issue.

Now the other thing that is interesting is that this only affects Windows 2000, 2003 and XP. Vista and 2008 are not affected, or at least have not been shown to be affected by this vulnerability.

Workarounds and more information is available in the actual Microsoft Security Advisory for this vulnerability.

IT World has a nice little article which gives some tools to help protect those running IIS 6.0 and earlier from the latest exploit. The fun thing is that they are both free tools from Microsoft that basically shut down the WebDAV protocol.

Microsoft has acknowledged the problem, but has not said if or when a patch for it will be available. Windows 2000 servers are more at risk from this vulnerability since WebDAV is turned on by default, in contrast to Windows 2003 where WebDAV is turned off by default.

So, there you have it. Go get the tools and lock it down.

A new flaw in Microsoft’s IIS web server software has popped up, and this one is serious. It affects version 6 of IIS and while you do need to have WebDAV turned on and running, it can allow an attacker to completely compromise data on the server.

Threatpost has a very good description of it here.

The sad things about this is first Microsoft has no patch for it, heck they haven’t even confirmed it yet (they are still looking into it). Secondly, there was a similar vulnerability in an earlier version of IIS.

Right now the best bet is to turn off WebDAV if possible, or better yet uninstall it through add/remove programs and Windows Components (it is a sub component of IIS). Figure that you will see a patch for it somewhat soon.