Bad news: There’s a Zero Day Attack on Microsoft’s IIS FTP Server
There’s a new vulnerability exposed in Microsoft’s IIS FTP server where it contains a stack buffer overflow in the handling of directory names which could allow a remote attack to execute arbitrary code on a vulnerable server. Now before you go off thinking “great, Microsoft isn’t secure” that’s not that case at all. This type of vulnerability is very common and happens in all kinds of applications. What’s uncommon about this attack and what makes it ‘zero day’ is that it was just announced as a vulnerability and Microsoft hasn’t had an opportunity to patch against it yet.
You can learn more about this vulnerability at the US Computer Emergency Readiness Team’s site: https://www.kb.cert.org/vuls/id/276653
Good news: You’re Zero Day PROTECTED already!
We have installed on our network what we believe to be the best network security devices available on the market today and they’re already doing there job! On our network is something called an Intrusion Protection Server or IPS. The IPS is like a firewall that works to block application attacks and vulnerabilities such as buffer overflows, SQL injection, etc. The IPS vendor we use has a strong relationship with Microsoft and as such had this vulnerability protected ZERO DAY. Had we not had this device in place the only way to effectively protect against this attack would have been to disable FTP writes and that would have been disastrous!
This is an example of what separates a good hosting provider for every other hosting provider out there. We know you selected us as your hosting provider because you want us to do the hosting and handle headaches like this for you so you could concentrate on your business and building value for your customers. You didn’t know there was a vulnerability and now because we’re doing what you’ve asked us to do, you don’t care there’s a vulnerability because you’re protected already.
Thanks for selecting Applied Innovations as your Windows Hosting Provider.