eEye Digital Security unveils one of the largest security holes on the Internet to date.
eEye Digital Security Team, an eCompany LLC venture, dedicated to network security and custom network software development has unveiled one of the most vulnerable security holes on the Internet to date. The vulnerability exists in the latest release of Microsoft Internet Information Server. The most commonly used Windows NT web server on the Internet.
The vulnerability allows arbitrary code to be run on any web server running the latest release of Microsoft Internet Information Server. Utilizing a buffer overflow bug in the web server software, an attacker can remotely execute code to enable system level access to all data residing on the server.
eEye - Digital Security Team came across the vulnerability while testing Retina® Network Security Scanner. Retina is a network security auditing and reporting tool that is currently in beta testing. One of Retina's features utilizes an Artificial Intelligence engine that is designed to think like a hacker. Collecting data and mining for information from the target network or web server. The end result of this data is used to perform auditing on the network and find potential vulnerabilities and weaknesses in the network security.
eEye Digital Security has notified Microsoft about the security breach and has been working with the Microsoft Security Team to help provide a fix. eEye Digital Security did provide Microsoft with an immediate patch for the web server and complete details on how the vulnerability can be exploited remotely to gain system level access to the web server's data. Complete details of the vulnerability and the exploit will be available on eEye's website (www.eEye.com) after Microsoft releases an official fix for the web server.
Firas Bushnaq, President and CEO of eCompany LLC was quoted as saying: "When the team notified me of the breach, I felt the ground move. Are you telling me that our web sites, online businesses and our clients data are open to any cracker with half a brain? We must fix this first and make sure the whole world knows about it."
"We've just released the first beta of Retina one week ago and already we have more than three major exploits on our hands, we've definitely created the hacker on steroids, I can imagine what's coming in the next few months," said Marc Maiffret of the eEye Digital Security Team.
About eEye Digital Security
Founded in 1998, eEye Digital Security is a leader in IT security compliance, providing the only unified vulnerability and compliance management solution that integrates assessment, mitigation and protection into a complete offering. eEye enables secure and compliant computing through world-renowned research and is consistently the first to identify and protect systems from zero-day threats. The company's flagship product, Retina, meets security and compliance requirements for SMBs and enterprise-class organizations across all verticals worldwide. eEye is a trusted advisor providing network security education, product deployment services and enterprise-wide integration.