 |
|
 |
CERT® Incident Note IN-99-08The CERT Coordination Center publishes incident notes to provide information about incidents to the Internet community.Attacks against IIS web servers involving MDACFriday, December 10, 1999We have received reports of IIS web servers compromised via a vulnerability in MS Data Access Components (MDAC). This vulnerability has been widely discussed as early as April 22, 1998. Here are some pointers to information about this vulnerability:
In incidents reported to us so far, attacks can be identified by looking through the IIS log files for POST access to the file "/msadc/msadcs.dll". For example:
If you use Microsoft Remote Data Services (RDS) these POST operations may be legitimate. We encourage all sites using IIS to carefully follow the steps listed in Microsoft Advisory MS99-025, referenced above, to secure or disable RDS. This document is available from: http://www.cert.org/incident_notes/IN-99-08.html CERT/CC Contact Information
Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends. Using encryptionWe strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from If you prefer to use DES, please call the CERT hotline for more information. Getting security informationCERT publications and other security information are available from our web site
* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Conditions for use, disclaimers, and sponsorship information
Copyright 1999 Carnegie Mellon University. |
