The CERT Coordination Center publishes incident notes to provide
information about incidents to the Internet community.

<h2>Attacks against IIS web servers involving MDAC</h2>

Friday, December 10, 1999
We have received reports of IIS web servers compromised via a
vulnerability in MS Data Access Components (MDAC). This vulnerability
has been widely discussed as early as April 22, 1998. Here are some
pointers to information about this vulnerability:
<dd><a href=""></a></dd>
<dd><a href=""></a></dd>
<dd><a href=""></a></dd>
In incidents reported to us so far, attacks can be identified by
looking through the IIS log files for POST access to the file
"/msadc/msadcs.dll". For example:
1999-10-24 20:38:12 <source addr="" ip=""/> - WWW <dest addr="" ip=""> POST /msadc/msadcs.dll 200 1409 664 782 ACTIVEDATA - -
If you use Microsoft Remote Data Services (RDS) these POST operations
may be legitimate.

We encourage all sites using IIS to carefully follow the steps listed
in Microsoft Advisory MS99-025, referenced above, to secure or disable

<p><!--#include virtual="/include/footer_nocopyright.html" --> </p>
<p>Copyright 1999 Carnegie Mellon University.</p>