IIS 5.0 gives the attacker full control of your system. Compromised systems should be removed from the network, analyzed and rebuilt with care. Worms can be written to exploit this vulnerability and patching is critically important.

According to reports by CNET, intruders are actively exploiting this vulnerability. Also, according to an article on MSNBC.com, the U.S. Army was compromised and it mentions the remote vulnerability. These articles can be found at:

• http://news.com.com/2100-1002-992920.html
• http://www.msnbc.com/news/886524.asp?0cv=CB20

First follow CERT’s advisory for patching details. This document is available from: http://www.cert.org/advisories/CA-2003-09.html.

All users should run Windows Update and Windows Automatic Updating (formerly known as Critical Notification) to be assured their systems have the latest patches and security updates. See Microsoft’s
bulletin and patch for this security flaw.

(N-Stalker Security Force)