Another NSA tool breaks free
Another hacking tool linked to the NSA is spreading across vulnerable servers.
An exploit code-named ExplodingCan is being used by attackers to target Microsoft Windows 2003 servers running the Internet Information Services version 6.0 web server.
ExplodingCan uses a known flaw in IIS 6.0 servers that have the WebDAV (distributed authoring and versioning) extension enabled for remote content creation and management, according to British security company Secarma.
ExplodingCan sends a long request to the WebDAV PROPFIND function, which triggers a buffer overflow that can be used for remote code execution and to obtain command shell on a target Windows 2003 machine.
“Ultimately this is in the same risk category as the WannaCry attacks. It's another way for cybercriminals and hacking teams to access your environment and, once they’re in, the internal parts of these systems are wide open to a variety of different attack vectors,” Paul Harris, Secarma managing director said.
Over 1000 systems in Australia are expected to be vulnerable to ExplodingCan.