This is to notify you that an exploit tool has been released for the "SSL/PCT 1.0" vulnerability described in the MS04-011 bulletin. Lab testing has verified that an unpatched installation of IIS with an SSL certificate is vulnerable to this tool, which grants an attacker a remote command shell on the victim system with "SYSTEM" privileges. In addition, the tool induces the victim machine to initiate the command shell connection back to the attacker. Because the inbound delivery of the attack occurs on a standard HTTP/SSL port (TCP/443) and the returned shell is a new outbound connection from the server, this attack will work through firewalls that permit outbound connections from the server.
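The outbound connection described above is something a defender can look for in connection logs. The following is an added example, not part of the original notice: it flags connections that the web server itself initiates to destinations outside an allowlist, and marks those that closely follow an inbound TCP/443 connection from the same host. The log format, addresses, ports, allowlist and 60-second window are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log (not from the advisory).
# Fields: time, initiator IP, responder IP, responder port.
SAMPLE_LOG = """\
2004-04-22T10:00:01 198.51.100.7 192.0.2.10 443
2004-04-22T10:00:03 192.0.2.10 192.0.2.53 53
2004-04-22T10:00:05 203.0.113.9 192.0.2.10 443
2004-04-22T10:00:09 192.0.2.10 203.0.113.9 50000
2004-04-22T10:05:00 192.0.2.10 198.51.100.7 8080
"""

SERVER_IP = "192.0.2.10"           # hypothetical IIS/SSL server
ALLOWED = {("192.0.2.53", 53)}     # hypothetical: the only egress the server needs


def parse(log):
    """Yield (timestamp, initiator, responder, responder_port) per log line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, dport = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(dport)


def server_initiated_egress(log, server_ip, allowed, window_s=60):
    """Alert on connections the server opens to destinations not in `allowed`.

    `follows_inbound_443` is True when the destination connected to the
    server on TCP/443 within `window_s` seconds before the outbound connection.
    """
    last_inbound_443 = {}
    alerts = []
    for ts, src, dst, dport in parse(log):
        if dst == server_ip and dport == 443:
            last_inbound_443[src] = ts          # normal-looking SSL client
        elif src == server_ip and (dst, dport) not in allowed:
            seen = last_inbound_443.get(dst)
            follows = seen is not None and ts - seen <= timedelta(seconds=window_s)
            alerts.append({"time": ts.isoformat(), "dst": dst,
                           "dport": dport, "follows_inbound_443": follows})
    return alerts


if __name__ == "__main__":
    for alert in server_initiated_egress(SAMPLE_LOG, SERVER_IP, ALLOWED):
        print(alert)
```

The same allowlist, enforced as a default-deny egress rule for the server at the firewall, removes the outbound path that the notice says the returned shell depends on.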