March 18th, 2003, 10:01 AM
I am looking for a technical resource concerning the new MS WebDAV vulnerability found. For more information:
Any help would be mch appriciated.
Thanks in advance.
March 18th, 2003, 11:32 AM
March 25th, 2003, 06:46 PM
This is much bigger than WebDAV though. The original zero-day exploit of a U.S. Military computer happened to use WebDAV as the attack vector, but the root problem is function of a core system DLL.
Many applications and even other DLL's leverage this same DLL function so there are a multitude of potential attack vectors for exploiting this vulnerability. Some of the security firms have sounded the alarm, but it seems like Microsoft and the mainstream press are still focusing on WebDAV and IIS 5.0 which may give some a false sense of security.
Essentially, everyone with Windows 2000 should apply the patch for this flaw. Here are some references:
NGSSoftware PDF File