eEye Digital Security unveils one of the largest security holes on the Internet to date.
eEye Digital Security Team, an eCompany LLC venture dedicated to network security and custom network software development, has unveiled one of the largest security holes on the Internet to date. The vulnerability exists in the latest release of Microsoft Internet Information Server, the most commonly used Windows NT web server on the Internet.
The vulnerability allows arbitrary code to be run on any web server running the latest release of Microsoft Internet Information Server. Utilizing a buffer overflow bug in the web server software, an attacker can remotely execute code to enable system level access to all data residing on the server.
The eEye Digital Security Team came across the vulnerability while testing Retina® Network Security Scanner. Retina is a network security auditing and reporting tool that is currently in beta testing. One of Retina's features utilizes an Artificial Intelligence engine that is designed to think like a hacker, collecting data and mining for information from the target network or web server. The resulting data is used to audit the network and find potential vulnerabilities and weaknesses in its security.
eEye Digital Security has notified Microsoft about the security breach and has been working with the Microsoft Security Team to help provide a fix. eEye Digital Security provided Microsoft with an immediate patch for the web server and complete details on how the vulnerability can be exploited remotely to gain system level access to the web server's data. Complete details of the vulnerability and the exploit will be available on eEye's website (www.eEye.com) after Microsoft releases an official fix for the web server.
Firas Bushnaq, President and CEO of eCompany LLC, was quoted as saying: "When the team notified me of the breach, I felt the ground move. Are you telling me that our web sites, online businesses and our clients' data are open to any cracker with half a brain? We must fix this first and make sure the whole world knows about it."
"We've just released the first beta of Retina one week ago and already we have more than three major exploits on our hands, we've definitely created the hacker on steroids, I can imagine what's coming in the next few months," said Marc Maiffret of the eEye Digital Security Team.
About eEye Digital Security
Since 1998, eEye Digital Security has made vulnerability and compliance management simpler and more efficient by providing the only unified solution that integrates assessment, mitigation, protection, and reporting into a complete offering with optional add-on modules for configuration compliance, regulatory reporting, and integrated patch management. eEye’s world-renowned research and development team is consistently the first to uncover critical vulnerabilities and build new protections into our solutions to prevent their exploit. Thousands of mid-to-large-size private-sector and government organizations, including the largest vulnerability management installations in the world, rely on eEye to protect against the latest known and zero-day vulnerabilities.