Over 8.3 million live websites using IIS 6.0 are affected by a Zero-Day

Millions of websites are affected by a buffer overflow zero-day vulnerability, tracked as CVE-2017-7269, that resides in the IIS 6.0.

The II6 6.0 zero-day flaw was discovered by two researchers with the Information Security Lab & School of Computer Science & Engineering, South China University of Technology Guangzhou, China who published a PoC code exploit on GitHub

Microsoft has already acknowledged the vulnerability that was exploited in the wild in July or August 2016.

More than 8 million websites could be affected by the flaw that resides in the ScStoragePathFromUrl function of the Web Distributed Authoring and Versioning (WebDAV) service in Windows Server 2003 R2’s IIS 6.0.

The issue is caused by the improper validation of an ‘IF’ header in a PROPFIND request and could allow an attacker to trigger a denial of service condition or to run arbitrary code.

“Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a zero-day Buffer Overflow vulnerability (CVE-2017-7269) due to an improper validation of an ‘IF’ header in a PROPFIND request.” reads the analysis published by Trend Micro.

“A remote attacker could exploit this vulnerability in the IIS WebDAV Component with a crafted request using PROPFIND  method. Successful exploitation could result in denial of service condition or  arbitrary code execution in the context of the user running the application.”

The Web Distributed Authoring and Versioning (WebDAV) extension of the HTTP protocol allows clients to perform remote Web content authoring operations. It allows to extend the support HTTP methods, including COPY, LOCK, MKCOL, PROPFIND, and UNLOCK.

“This vulnerability is exploited using the PROPFIND method and IF header. The PROPFIND method retrieves properties defined on the resource identified by the Request-URI. All the WebDAV-Compliant resources must support the PROPFIND method.” continues the analysis.

The impact of this vulnerability is wide, according to data provided by the W3Techs, Microsoft’s IIS is currently the third most popular web server solution in the wild (11.4% of all websites). IIS 6.0 accounts for 11.3%, roughly 1.3% of all websites on the Internet.

The vulnerability doesn’t affect newer versions of Microsoft Internet Information Services.

According to BuiltWith, IS 6.0 version is currently used by 2.3% of the entire Internet, over 8.3 million live websites are using IIS 6.0.

In order to mitigate the risk of cyber attacks, it is possible to disable the WebDAV service on IIS 6.0 installations.

“To mitigate the risk, disabling the WebDAV service on the vulnerable IIS 6.0 installation is recommended. Newer versions of Windows Server shipped with newer versions of IIS are not affected by this vulnerability.” concluded Trend Micro.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase