News Stay informed about the latest enterprise technology news and product updates.

Microsoft finds familiar WebDAV flaw in NT, XP

A security vulnerability first found in a core Windows 2000 component has been discovered in NT 4.0 and XP as well, Microsoft said Wednesday in an advisory.

Microsoft issued a security bulletin Wednesday warning that a vulnerability in Windows 2000, first discovered in March, has recently been found in Windows XP and in Windows NT 4.0 as well. Redmond deemed the flaw "critical" and suggests that users of vulnerable systems patch immediately.

In March, Microsoft warned of a vulnerability in Windows 2000 running Internet Information Services (IIS) 5.0. Initially, the flaw was thought to be in WebDAV (World Wide Web Distributed Authoring and Versioning) but the vulnerability was in fact in a core operating system component. Now, it's been determined that XP and NT 4.0 have that same flawed component, ntdll.dll, Microsoft said in its advisory.

The vulnerability is an unchecked buffer in ntdll.dll that can be remotely exploited, allowing an attacker to take control of vulnerable systems. The utility can be called by WebDAV or called locally. WebDAV is an IIS utility that allows for remote management and monitoring of Web content.

XP and NT users aren't in the same predicament that Windows 2000 users were. In the case of Windows 2000, the vulnerability was found at the same time it was being exploited on a U.S. Army Web site. It doesn't look like there is publicly available exploit code for NT and XP.

In other words, the attack vector used for Windows 2000 (by using WebDAV running on IIS 5.0) wouldn't work on XP or NT 4.0. In both cases, IIS isn't installed by default. Also, NT 4.0 doesn't support WebDAV, the advisory said.

Microsoft also announced some new patches this week, including a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, as well as all security patches released for IIS 5.0 since Windows 2000 Service Pack 2 and IIS 5.1.

Redmond also announced a "moderate" risk vulnerability in Microsoft Windows Media Services. The utility is a feature of Microsoft Windows 2000 Server, Advanced Server and Datacenter Server. It can also be used with NT 4.0. The flaw could allow attackers to send special requests to IIS servers that would stop their ability to respond to Internet requests.

Microsoft also released a revised patch that corrects the performance issues that some users encountered when they installed the original Windows XP Service Pack 1 patch.

FOR MORE INFORMATION: news exclusive: "Multiple Windows 2000 WebDAV exploits made public" news exclusive: "New critical IIS buffer flaw exploited" technical tip: "It's time to get the WebDAV out"

FEEDBACK: What keeps you from installing patches immediately?
Send your feedback to the news team.

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.