US software giant Microsoft Corp. on Friday revealed that cyber-criminals and hackers have started attacking one of the unpatched bugs in its Internet Information Services (IIS) server software, which was earlier launched to the public in September.
In a statement, Microsoft said that the unpatched flaw can be exploited by cyber-crooks to take control of an older IIS server that runs on Windows 2000 (version 5.0). However, hackers must have the skills to create a File Transfer Protocol (FTP) directory on that server before they can acquire vital information that was fed to the servers.
Microsoft already posted the said attack code on Monday.
Meanwhile, the software giant said that other IIS users should monitor their systems, since they are vulnerable to denial-of-service (DoS) attacks, as hackers launched a second attack on Thursday. The exploit was posted to the official Milw0rm website.
According to a company spokesperson, the code that was released on Monday could be used by cyber-criminals to launch a new DoS attack against IIS servers, including versions 5.0, 5.1, 6.0 and 7.0.
Microsoft said that the code could greatly affect people using servers that run on Windows Server 2003 and Windows XP. But for hackers to be able to capitalize on the attacks, they must target systems running the FTP service.
To stop further damage to systems, Microsoft issued a security advisory late Thursday afternoon, saying that it has already contained the limited attacks that exploit the code.
Meanwhile, security vendors said over the weekend that they had not seen such attacks, saying that there may have been only a handful of similar attacks on IIS.
The software giant said that it will release security updates and patches on Tuesday. However, Microsoft said that it will need more time to fix the bug, adding that it needs to test the newly developed patch further.