BryanC
asked on
What is /msadc/msadcs.dll used for?
We have an internal web server running IIS and in the last month there were more than 6.5 million requests to /msadc/msadcs.dll.
Is this normal?
How can I determine what is making the calls?
Is this normal?
How can I determine what is making the calls?
ASKER
Is there a way to determine if the reference is a valid use of the DLL or if it is trying to do something malicious?
what is the result of these requests? is it 200 or 404 or something else?
Cheers.
Cheers.
ASKER
All the ones I've looked at have a 200.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
it is caused by attempts to exploit a known IIS security vulnerability:
http://www.securityspace.com/smysecure/catid.html?id=10357
If your patches and security updates are all in order then you ought to be safe from any damage. There is not much that you can do to stop these coming in other than trapping every request at the firewall and blockingthose ip addresses for 'x' minutes/hours.
The requests are probably coming from systems infected by some worm attemtping to replicate to other unpatched systems.
Cheers.