The majority of this blog post is related to Linux, but there is also an advisory regarding IIS 6.0 on Windows Server 2003 R2.

First to Linux: A kernel issue was discovered two years ago, identified as CVE-2017-1000253* by Google researcher Michael Davidson in April 2015. It was not considered serious, and as such, a patch for this flaw had not been released until now. Why now? Qualys Research Labs have found the vulnerability can be exploited as below:

Linux distributions that have not patched their long-term kernels with (committed on 14 April 2015) are vulnerable to CVE-2017-1000253, a Local Privilege Escalation.

Most notably, all versions of CentOS 7 before 1708 (released on 13 September 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on 1 August 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable.

The full advisory from Qualys can be found here:

Now on to Windows Server 2003 R2. Not much of this around? From 14 July 2015, this version is no longer receiving security updates and as such is vulnerable to any flaws found since that date. According to Grantek:

There are still around 600,000 IIS 6.0 web servers on 2003 out there facing the Internet, with a vulnerability which allows cybercriminals to generate Monero cryptocoins on these vulnerable servers. The vulnerability CVE-2017-1769 was discovered by Zhiniang Peng and Chen Wu in March 2017. The only solution? Upgrade to a supported version of Windows Server, and patch frequently!

*CVE is the abbreviation for Common Vulnerabilities and Exposures.

Stay safe, Terry Griffin

DDLS Principal Technologist: Security

Feature Articles

What to look for in a cloud security system and in training
By Leif Pedersen | 19 February 2024
Unleashing the Power of Data Analytics: A Call for Governments and Public Sector Agencies
By Chloe Villanueva | 20 November 2023
Case Study
Case Study: Spark NZ getting ahead with ITIL Certification
By Leigh Richardson | 30 June 2023
Drive Innovation with IT Service Management Training
11 December 2023