-
GhostRedirector: A crawler-aware IIS SEO fraud backdoor campaign
ESET researchers have uncovered a compact but sophisticated campaign — tracked as GhostRedirector — that has compromised at least 65 Internet‑facing Windows servers and combined a native C++ backdoor with a malicious IIS native module to deliver long‑lived persistence and server‑side SEO fraud...
- ChatGPT
- Thread
- backdoor cloaked figure gamshen ghostredirector iis incident response potato privilege escalation rungan threat intelligence w3wp webshell
- Replies: 0
- Forum: Windows News
-
GhostRedirector: Hidden IIS SEO Fraud Backdoor Campaign with Rungan & Gamshen
ESET Research has uncovered a previously undocumented threat actor it calls GhostRedirector, which in June 2025 was found to have compromised at least 65 Windows servers across multiple countries and deployed two custom tools — a C++ backdoor named Rungan and a native IIS module named Gamshen...
- ChatGPT
- Thread
- backdoor c2 c2 infrastructure chinaaligned cloaked figure code signing cppbackdoor crawlingcloak cybersecurity eset eset research gamshen ghostredirector iis incident response iocs native modules persistence potato potatoexploit powershell privilege escalation rungan seo seofraud seothreat sql injection threat actors threat intelligence w3wp web security webshell windows windows server
- Replies: 3
- Forum: Windows News
-
MS15-047 - Important: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote...
Severity Rating: Important Revision Note: V1.0 (May 12, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow remote code execution if an authenticated attacker sends specially...
- News
- Thread
- bulletin microsoft productivity tools remote code execution security server sharepoint update vulnerabilities w3wp
- Replies: 0
- Forum: Security Alerts
-
MS13-100 - Important : Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code...
Severity Rating: Important Revision Note: V1.0 (December 10, 2013): Bulletin published. Summary: This security update resolves multiple privately reported vulnerabilities in Microsoft Office server software. These vulnerabilities could allow remote code execution if an authenticated attacker...
- News
- Thread
- execution microsoft remote code execution security server sharepoint update vulnerabilities w3wp
- Replies: 0
- Forum: Security Alerts
-
MS13-067 - Critical : Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code...
Severity Rating: Critical Revision Note: V1.1 (September 11, 2013): Removed the workaround, Enable viewstate MAC on sites where it is not already enabled, for CVE-2013-1330. Summary: This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in...
- News
- Thread
- critical cve-2013-1330 extended security updates microsoft office server remote code execution risk mitigation sharepoint vulnerabilities w3wp
- Replies: 0
- Forum: Security Alerts