A new zero-day vulnerability (CVE-2017-7269) impacting Microsoft IIS 6.0 has been announced with proof-of-concept code. This vulnerability can only be exploited if WebDAV is enabled. IIS 6.0 is a component of Microsoft Windows Server 2003 (including R2). Microsoft ended support for Server 2003 on July 14, 2015, which means that this vulnerability will most likely not be patched. It is recommended that these systems be upgraded to a supported platform. The current workaround is to disable the WebDAV Web Service Extension if it is not needed by any web applications.
The Qualys Cloud Platform can help you detect the vulnerability, track and manage Server 2003 Assets, as well as block exploits against web-based vulnerabilities like this one.
Detecting the Vulnerability
Qualys has released QID 87284 for detecting IIS installations with this vulnerability. This new QID is used by Qualys Vulnerability Management to detect the vulnerability externally through a remote check, or directly on the host using an authenticated scan or the Qualys Cloud Agent.
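The remote check described above, and the WebDAV workaround from the opening paragraph, both come down to one question: does an IIS 6.0 host still advertise WebDAV? The following inventory script is an added example and is not Qualys code or the logic behind QID 87284. It sends a plain HTTP OPTIONS request and flags hosts whose reply identifies IIS 6.0 and lists WebDAV methods (or carries a DAV header); the same check run again after the WebDAV Web Service Extension has been disabled confirms the workaround took effect. The sample responses embedded below are constructed for illustration, not captured from real servers, and the host names in the triage example are placeholders.

```python
"""Inventory check: which IIS 6.0 hosts still expose WebDAV (the precondition
for CVE-2017-7269)? Added example, not Qualys code. Sample responses are
constructed, not captured from real hosts."""
import http.client
from dataclasses import dataclass, field

# Methods that only appear in an OPTIONS reply when WebDAV is serving requests.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "SEARCH"}


@dataclass
class WebDavCheck:
    server: str
    iis6: bool
    webdav_enabled: bool
    webdav_methods: list = field(default_factory=list)

    @property
    def needs_remediation(self) -> bool:
        # Only the combination IIS 6.0 + WebDAV reachable is in scope here.
        return self.iis6 and self.webdav_enabled


def parse_headers(raw: str) -> dict:
    """Turn a raw HTTP response (status line + headers) into a lower-cased dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def _methods(header_value: str) -> set:
    return {m.strip().upper() for m in header_value.split(",") if m.strip()}


def assess(headers: dict) -> WebDavCheck:
    """Decide from response headers whether this looks like IIS 6.0 with WebDAV on."""
    server = headers.get("server", "")
    iis6 = server.startswith("Microsoft-IIS/6.0")
    advertised = _methods(headers.get("allow", "")) | _methods(headers.get("public", ""))
    dav_methods = sorted(WEBDAV_METHODS & advertised)
    # IIS WebDAV also answers OPTIONS with a "DAV:" compliance header.
    enabled = bool(dav_methods) or "dav" in headers
    return WebDavCheck(server, iis6, enabled, dav_methods)


def probe(host: str, port: int = 80, path: str = "/", timeout: float = 5.0) -> WebDavCheck:
    """Send one OPTIONS request to a host you administer and assess the reply."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", path, headers={"Host": host})
        resp = conn.getresponse()
        return assess({k.lower(): v for k, v in resp.getheaders()})
    finally:
        conn.close()


def triage(responses: dict) -> list:
    """Given {host: raw OPTIONS reply}, return the hosts to send to remediation."""
    return sorted(h for h, raw in responses.items()
                  if assess(parse_headers(raw)).needs_remediation)


# Constructed sample replies (not real captures).
IIS6_WEBDAV_ON = ("HTTP/1.1 200 OK\r\n"
                  "Server: Microsoft-IIS/6.0\r\n"
                  "Allow: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL\r\n"
                  "Public: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, SEARCH\r\n"
                  "DAV: 1, 2\r\n"
                  "MS-Author-Via: DAV\r\n\r\n")
IIS6_WEBDAV_OFF = ("HTTP/1.1 200 OK\r\n"
                   "Server: Microsoft-IIS/6.0\r\n"
                   "Allow: OPTIONS, TRACE, GET, HEAD, POST\r\n"
                   "Public: OPTIONS, TRACE, GET, HEAD, POST\r\n\r\n")
IIS75_WEBDAV_ON = ("HTTP/1.1 200 OK\r\n"
                   "Server: Microsoft-IIS/7.5\r\n"
                   "Allow: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND\r\n"
                   "DAV: 1, 2\r\n\r\n")

if __name__ == "__main__":
    # Placeholder host names; in practice feed triage() the replies from probe().
    sample = {"legacy-01.example": IIS6_WEBDAV_ON,
              "legacy-02.example": IIS6_WEBDAV_OFF,
              "intranet.example": IIS75_WEBDAV_ON}
    print("needs remediation:", triage(sample))
```

The headers-based result is a heuristic: a reverse proxy or a customised Server header can hide the version, and a host that only rejects OPTIONS still needs a second look. Treat it as a first pass for building the asset list; the authoritative view on the box is the Web Service Extensions list in IIS Manager, where WebDAV shows as Allowed or Prohibited.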
Qualys ThreatPROTECT provides one-click access to a list of impacted assets through the Live Feed, as well as a detailed look into how this vulnerability is exploited, written directly by a vulnerability researcher.
Tracking and Managing Windows Server 2003 Assets
Qualys AssetView can help you locate and track Windows Server 2003 assets in a dynamic widget, even if they are not impacted by this particular vulnerability. The widget can be clicked to get a full list of Server 2003 assets, and the list can be exported for sending to remediation or evergreening teams.
With one simple rule, Qualys Web Application Firewall (WAF) can block any attempts to exploit this vulnerability if upgrading or disabling WebDAV is not an option. Full details are posted here: Protect Against Critical IIS 6.0 Buffer Overflow vulnerability (CVE-2017-7269) with Qualys WAF
Get Started Now
To start detecting and protecting against critical vulnerabilities, get a Qualys Suite trial. All features described in this article are available in the trial.