Results 1 to 3 of 3

Thread: Microsoft WebDAV

  1. #1

    Microsoft WebDAV

    Hi,

    I am looking for a technical resource concerning the new MS WebDAV vulnerability found. For more information:

    http://www.microsoft.com/technet/sec...n/MS03-007.asp
    http://www.microsoft.com/security/se...s/ms03-007.asp

    Any help would be mch appriciated.
    Thanks in advance.

  2. #2
    Senior Member
    Join Date
    Jun 2002
    Posts
    405

  3. #3
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    This is much bigger than WebDAV though. The original zero-day exploit of a U.S. Military computer happened to use WebDAV as the attack vector, but the root problem is function of a core system DLL.

    Many applications and even other DLL's leverage this same DLL function so there are a multitude of potential attack vectors for exploiting this vulnerability. Some of the security firms have sounded the alarm, but it seems like Microsoft and the mainstream press are still focusing on WebDAV and IIS 5.0 which may give some a false sense of security.

    Essentially, everyone with Windows 2000 should apply the patch for this flaw. Here are some references:

    iDefense Article
    NGSSoftware PDF File

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •