
Microsoft Internet Information Services MS10-065 Vulnerabilities

(MS10-065, CVE-2010-2730, CVE-2010-1899, CVE-2010-2731)

Summary

Three vulnerabilities have been reported in the Microsoft Internet Information Services (IIS) web server. A remote attacker can exploit these vulnerabilities to execute arbitrary code on an affected system.

Details

IIS is a flexible and easy-to-use web server solution for hosting content on the web, and is packaged with several versions of the Windows operating system. The FastCGI protocol for IIS enables popular application frameworks that support FastCGI to be hosted on the IIS web server.

Vulnerability CVE-2010-2730 is due to an error in how IIS with FastCGI enabled handles request headers. Vulnerability CVE-2010-1899 can be exploited by sending a malicious HTTP POST request to the IIS server, causing a stack overflow. This can cause a denial of service condition on the server, followed by an automatic restart. Vulnerability CVE-2010-2731 is an elevation of privilege vulnerability that can be triggered by sending a maliciously crafted URL to the IIS server, allowing the attacker to bypass authentication and then access and execute resources on the affected system.

Affected Products

Please consult the Check Point bulletins listed below for the products affected by each of these vulnerabilities.

Solution

Check Point IPS Software Blade, IPS-1, and NGX SmartDefense have provided preemptive network protection for the request header buffer overflow vulnerability since 2004 by detecting and blocking HTTP requests that attempt to exploit this type of flaw. To protect against the denial of service and elevation of privilege vulnerabilities, IPS Software Blade and NGX SmartDefense require that the latest update be applied, which blocks the malicious URLs and HTTP POST requests. For more information, see CPAI-2010-261, CPAI-2010-260, and CPAI-2010-262.

Published September 14, 2010
