Link to home
Create AccountLog in
Avatar of BryanC
BryanC

asked on

What is /msadc/msadcs.dll used for?

We have an internal web server running IIS and in the last month there were more than 6.5 million requests to /msadc/msadcs.dll.

Is this normal?

How can I determine what is making the calls?
Avatar of meverest
meverest
Flag of Australia image

Hi,

it is caused by attempts to exploit a known IIS security vulnerability:

http://www.securityspace.com/smysecure/catid.html?id=10357

If your patches and security updates are all in order then you ought to be safe from any damage.  There is not much that you can do to stop these coming in other than trapping every request at the firewall and blockingthose ip addresses for 'x' minutes/hours.

The requests are probably coming from systems infected by some worm attemtping to replicate to other unpatched systems.

Cheers.
Avatar of BryanC
BryanC

ASKER

Is there a way to determine if the reference is a valid use of the DLL or if it is trying to do something malicious?
what is the result of these requests?  is it 200 or 404 or something else?

Cheers.
Avatar of BryanC

ASKER

All the ones I've looked at have a 200.
ASKER CERTIFIED SOLUTION
Avatar of meverest
meverest
Flag of Australia image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer