There was a new vulnerability announced today in Apache webserver. This affects all versions of the popular webserver software platform running on Windows operating systems.
From ZDNet Australia:
“The vulnerability means that you can take complete control of the web server remotely with system privileges — which is the highest privilege on Windows,” Edelstein told ZDNet.com.au. “An attacker could gain access to, modify and take away data.”
Edelstein advised users running Apache on Windows platforms to upgrade immediately as users have no way of knowing if their web servers have been compromised. The company’s security advisory can be accessed here.
“Whilst in the past it was more overt and attackers would deface website pages, they’re more likely now to conceal their access to maintain their foothold,” said Edelstein, giving examples of attackers potentially exploiting the vulnerability by placing hidden pieces of code to capture credit card details from online transactions and install root kits on compromised websites.
Although, I do find it odd that people would be running Apache on Windows for anything other than a lab instance. But, that’s just me.
(Image used under CC from Hans Gerwitz)
It is not odd at all, a lot of off the shelf products that people install have apache bundled in as the web server.. This is going to be a nightmare for SA’s to rectify.