Article

Microsoft finds familiar WebDAV flaw in NT, XP

Edward Hurley, SearchSecurity.com News Writer

Microsoft issued a security bulletin Wednesday warning that a vulnerability in Windows 2000, first discovered in March, has recently been found in Windows XP and in Windows NT 4.0 as well. Redmond deemed the flaw "critical" and suggests that users of vulnerable systems patch immediately.

In March, Microsoft warned of a vulnerability in Windows 2000 running Internet Information Services (IIS) 5.0. Initially, the flaw was thought to be in WebDAV (World Wide Web Distributed Authoring and Versioning) but the vulnerability was in fact in a core operating system component. Now, it's been determined that XP and NT 4.0 have that same flawed component, ntdll.dll, Microsoft said in its advisory.

The vulnerability is an unchecked buffer in ntdll.dll that can be remotely exploited, allowing an attacker to take control of vulnerable systems. The utility can be called by WebDAV or called locally. WebDAV is an IIS utility that allows for remote management and monitoring of Web content.

XP and NT users aren't in the same predicament that Windows 2000 users were. In the case of Windows 2000, the vulnerability was found at the same time it was being exploited on a U.S. Army Web site. It doesn't look like there is publicly available exploit code for NT and XP.

In other words, the attack vector used for Windows 2000 (by using WebDAV running on IIS 5.0) wouldn't work on XP or NT 4.0. In both cases, IIS isn't installed by default. Also, NT 4.0 doesn't support

    Requires Free Membership to View

WebDAV, the advisory said.

Microsoft also announced some new patches this week, including a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, as well as all security patches released for IIS 5.0 since Windows 2000 Service Pack 2 and IIS 5.1.

Redmond also announced a "moderate" risk vulnerability in Microsoft Windows Media Services. The utility is a feature of Microsoft Windows 2000 Server, Advanced Server and Datacenter Server. It can also be used with NT 4.0. The flaw could allow attackers to send special requests to IIS servers that would stop their ability to respond to Internet requests.

Microsoft also released a revised patch that corrects the performance issues that some users encountered when they installed the original Windows XP Service Pack 1 patch.

FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "Multiple Windows 2000 WebDAV exploits made public"

SearchSecurity.com news exclusive: "New critical IIS buffer flaw exploited"

SearchSecurity.com technical tip: "It's time to get the WebDAV out"

FEEDBACK: What keeps you from installing patches immediately?
Send your feedback to the SearchSecurity.com news team.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: