Remote 'Root' Exploit in IIS 5.0

eEye Digital Security was doing some testing that apparently Microsoft hadn't done on its own webserver (IIS 5.0) running on its latest OS (Windows 2000, all versions). "Within a matter of minutes," they say, "a debugger kicked in on inetinfo.exe because of a 'buffer overflow error'" -- and two weeks later, we got simultaneous announcements from Microsoft and eEye. This is a remote SYSTEM-level exploit in a popular webserver, in the wild, i.e., Danger Will Robinson. eEye says about a million servers will need to be patched; it may be more. Go see Microsoft's writeup and patch. See also eEye's droll and informative writeup, which, now that an exploit is confirmed to be in the wild today, has added some source code.